240174cf3916247c289b6b907a20e02c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240174cf3916247c289b6b907a20e02c_JaffaCakes118
Size

96KB
MD5

240174cf3916247c289b6b907a20e02c
SHA1

8080b7fa40cfaf7910e2ddc8833a4409df0bbc79
SHA256

1a61157025b80146abdd49121a1ffaac5fb64a213efd4f02c0608a3206b17b37
SHA512

b88acf9921c654137e3790fcdcc6df9cdddaa0ab8cf15b473b15f6445be7a5b53688a54d78fb188b072e7af77bfb6e740a76967571bcedafee3494a02ea8f24b
SSDEEP

1536:P1wtCfX9uXiWlBsfUK9l1aiZU027+CYgsSfZ80ybeQgGvLXOPJvgpDWAnPp/d3:P1wteX9uXiWlBmRKiZziS3p08eHgOFo1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
240174cf3916247c289b6b907a20e02c_JaffaCakes118

Files

240174cf3916247c289b6b907a20e02c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bbf538c42aadd4cf6d8684477066a2c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
SetVolumeLabelA
GetCurrentProcessId
VirtualAlloc
WideCharToMultiByte
GetCommMask
CompareStringA
SignalObjectAndWait
LeaveCriticalSection
GetAtomNameA
GetStartupInfoA
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WEIJUNLI
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ