1b47139165fb8aa6a2758cca3ef6e343_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b47139165fb8aa6a2758cca3ef6e343_JaffaCakes118
Size

79KB
MD5

1b47139165fb8aa6a2758cca3ef6e343
SHA1

944a65d91a80394d7fd51693e1ad161396bc44d5
SHA256

2df4d9cc7c6d93eea1e806eb5b7203d909801061543b6829ecadfd52e49cedd7
SHA512

af4e322c618be67c5b54d38ab5620566444ce7b75e000194a6b47bb9433a469e4b147c0beaf45bd4d03d42f149dc2f855d9297683a6a27351bbdb59b249a5e81
SSDEEP

1536:RzUE//IbXbKMuMqGvxmDilwish8h5EGrRzydNM1Mm5PJFMDhzs:ZUE//IX2Mu60v1QP5oDhzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b47139165fb8aa6a2758cca3ef6e343_JaffaCakes118

Files

1b47139165fb8aa6a2758cca3ef6e343_JaffaCakes118
.exe windows:5 windows x86 arch:x86

01d3ae82405b57187ea050e05677bd82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrcpyA
CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrcpynA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetTempPathA
CreateMutexA
OpenMutexA
ExitProcess
lstrcmpA
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

wsprintfA

shlwapi

SHGetValueA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE