177b6927640c27409663dd00b91642f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

177b6927640c27409663dd00b91642f7_JaffaCakes118
Size

96KB
MD5

177b6927640c27409663dd00b91642f7
SHA1

d88e858909e4987d90a3c8a8c870df820663bac2
SHA256

d2e250bb42e5aa959da35e275b4f76626923cede8f00dc8284069fc2a7f005a7
SHA512

ffacc1d001c60f82a94d9b7829156ec528e3afdc0de4b4085faa6758bf57ccdcad24373ae347c4584672512bc156f4bbae6659f98d9b8090a75fdf978e450be9
SSDEEP

1536:YetSi1JuvADQEor17zfUr1I35XHQ7umo9X3mXOq2zrp9aQIq1TVBz8ySlQjhL4Vk:XkIuYDz2M6whQ3mXF2zrm5S/z8yQQ5iu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
177b6927640c27409663dd00b91642f7_JaffaCakes118

Files

177b6927640c27409663dd00b91642f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9775735fd105cbb5301af3800028de36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
HeapAlloc
GetProcessHeap
GetProcAddress
VirtualProtect
LoadLibraryA
HeapFree

user32

GetForegroundWindow
GetActiveWindow
KillTimer

Exports

Exports

?TIKDNOMTB1@@YAHHH@Z
?TIKDNOMTC2@@YAHHH@Z
?TIKDNOMTE4@@YAHHH@Z
?TIKDNOMTF5@@YAHHH@Z
?TIKDNOMTJ9@@YAHHH@Z
?TIKDNOMTL11@@YAHHH@Z
?TIKDNOMTT19@@YAHHH@Z
?TIKDNOMTV21@@YAHHH@Z
?TIKDNOMTX23@@YAHHH@Z

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE