21e1a1d74f6f4315d7666dc3e1403e6c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21e1a1d74f6f4315d7666dc3e1403e6c_JaffaCakes118
Size

190KB
MD5

21e1a1d74f6f4315d7666dc3e1403e6c
SHA1

fe0f118292a485eaddf3799702e1617e0a62778d
SHA256

638ac491ec6149790e2fd34ee9978cdca58d7b205fd1fbd741c661e85a5804be
SHA512

a080a01150c2482bb7d2f4e643f842e6dca59d022c3e49ea55257e40f63d93822185409df7d52b03b1dfbf859f542d42003bdd413a48e8f8d783b047f42c7172
SSDEEP

3072:qKsjElYhhjKBA5XIWcp64t+tc9ZXjw03z4wg0mIrd4ZSsj24f6w2jqxbrK+v:pAEl0txcp6h6Xj53kj0mIrdOSJm/+K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e1a1d74f6f4315d7666dc3e1403e6c_JaffaCakes118

Files

21e1a1d74f6f4315d7666dc3e1403e6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a06400ce92af9c9bfb96f57cd406d56d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext

kernel32

TerminateThread
SetProcessPriorityBoost
InterlockedDecrement
WriteFile
DeleteCriticalSection
GlobalLock
EnumResourceTypesA
ReadFile
GetModuleFileNameW
CreateProcessW
CreateFileW
Sleep
GetModuleHandleW
GlobalAlloc
CreateEventW
GlobalUnlock

ole32

GetHGlobalFromILockBytes
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ