163738643748cda7f8258c1061a8f8f5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

163738643748cda7f8258c1061a8f8f5_JaffaCakes118
Size

31KB
MD5

163738643748cda7f8258c1061a8f8f5
SHA1

d857f9d106cd96579b6a7c3ae062c8245b9cac3f
SHA256

25e4fda666eb2fe839cce632890cd6f307e16ee698bd04647803997a220f4c42
SHA512

d2c62eaa67739aa3425aae9c2d67309d0a4ae2e9b0367968860ac58e046f8ae4aaafc156ea4ece0ffbdb1b16a152f11fc8e543f84bc15f331abe65e59439922f
SSDEEP

768:9Dq8Jsi4dN7JOcTr7uHZ9SfhWKEU4hDxB69z:9Dq8JCdrFTra9KhWRUIg9z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163738643748cda7f8258c1061a8f8f5_JaffaCakes118

Files

163738643748cda7f8258c1061a8f8f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5cc1d106a25cec8f16a00c6aaf82bd85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ExitProcess
GetStartupInfoA
MoveFileWithProgressA
GetPrivateProfileSectionW
ReadFileScatter
LocalSize
GetCurrentDirectoryW
WriteProcessMemory
PulseEvent
FlushInstructionCache
LocalFree
VDMOperationStarted
EnumSystemCodePagesA
GetFileAttributesW
LoadLibraryA
SetStdHandle
LoadLibraryA
GetCommProperties
CreateSemaphoreA
GetConsoleInputExeNameW
LocalReAlloc
GetProcessPriorityBoost
ReplaceFileW
GetStringTypeW
Heap32ListFirst
SetConsoleInputExeNameW
LoadLibraryA
WriteConsoleInputA
lstrcatW
GetVolumeInformationW
CreateNamedPipeA
Thread32First
CallNamedPipeA
ExitProcess
GetVolumePathNameW
WritePrivateProfileSectionA
GetCPInfoExA
GetLogicalDrives
ProcessIdToSessionId

Sections

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ