3472c659b434bce56915c9e811a8a508_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3472c659b434bce56915c9e811a8a508_JaffaCakes118
Size

192KB
MD5

3472c659b434bce56915c9e811a8a508
SHA1

bea27d49cbc92691e03506c7e3e34c1c35fe9a17
SHA256

fb2d1bc50f40fe3c5affe5ff257e190ec55d45d4cd701808c211936aa95ca722
SHA512

6b69de6d837aefffd850b4c27276ff6cbe5a7b284b57ade8ef5bd1e332f005148c12d938a06dc23213ec2029487b9b3fd7b3a6eb0f1319b7366bd9552b2704a5
SSDEEP

3072:a8OdmJnR4rL7GLL3mPSCnuq4SooYd6+s3VrHwjgAjze+9DpL:+dcnR46f3mqCYSoL6+segD+9Dp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3472c659b434bce56915c9e811a8a508_JaffaCakes118

Files

3472c659b434bce56915c9e811a8a508_JaffaCakes118
.exe windows:4 windows x86 arch:x86

561a769592c9f43672840d2352c854ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

GetHGlobalFromILockBytes
CoTaskMemFree
StringFromGUID2

imm32

ImmAssociateContext

kernel32

WriteFile
SetProcessPriorityBoost
ReadFile
CreateEventW
GlobalLock
CreateProcessW
Sleep
EnumResourceTypesA
GlobalAlloc
CreateFileW
InterlockedDecrement
TerminateThread
GetModuleHandleW
GetModuleFileNameW
DeleteCriticalSection
GlobalUnlock

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ