Static task: static1
Behavioral task: behavioral1
Sample: 084e348f947b3b2217e3e7bc12932621_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 084e348f947b3b2217e3e7bc12932621_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 084e348f947b3b2217e3e7bc12932621_JaffaCakes118
Size: 64KB
MD5: 084e348f947b3b2217e3e7bc12932621
SHA1: 485c1c2759e1c463af0a58f3f7cda46523a5737c
SHA256: b688900f4872a21f15f1fa7e23db17a6874f19e6fe7cc734657d2f84c7621940
SHA512: 751cf976802d271f77eb97c001c0efd4e50f294264d23e4f1628439cf83b3e15466a265bf6a23fd85ddae9869638198270a19dd98eb7eb38d368970a34cea4d3
SSDEEP: 1536:0sqZhMZjYbXnXFIkLD5Q7hJhyNvtHG99qyaZf:0sYbXXWkxQdevtED2f
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 084e348f947b3b2217e3e7bc12932621_JaffaCakes118
Files
084e348f947b3b2217e3e7bc12932621_JaffaCakes118.exe windows:5 windows x86 arch:x86
f774bd99666f98af5b0073d0d0a41207
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
DosDateTimeToFileTime
GenerateConsoleCtrlEvent
GetCommTimeouts
WaitForMultipleObjectsEx
FindResourceExW
LoadResource
GetFileSize
FindCloseChangeNotification
ClearCommBreak
SetTapePosition
EnumResourceNamesW
CreateTapePartition
_lclose
gdi32
ExtSelectClipRgn
advapi32
ChangeServiceConfig2W
SaferRecordEventLogEntry
CredMarshalCredentialA
user32
DestroyCursor
IsMenu
ntdll
RtlGetLastWin32Error
apphelp
ApphelpCheckExe
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lhvbj Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 886B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ