4275fdca99b14eb73599c1e138f0a43b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4275fdca99b14eb73599c1e138f0a43b_JaffaCakes118
Size

92KB
MD5

4275fdca99b14eb73599c1e138f0a43b
SHA1

1d26ab850eb6650de2e6142d041b96d41d2b0aa3
SHA256

c9fd17c4b34f4b0c07c0dad1243cfb1eced89c46fc01e79d990f73fb7ed5e01e
SHA512

b9bc3d2dcd1a6822449e7e5c898ff81347c2010427d2106cecd7129858ba85a60ccaba5ad30b8d89f9eea807aa339e948b004bc3b5a021986eefaf297cd50ef8
SSDEEP

1536:8kdqrIYntvrcR3Aw/YFb4kSUMkQSfPdm4ndGmaQ/IXmyUs:bdqzt433AFb4xkd1dX/I2yz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4275fdca99b14eb73599c1e138f0a43b_JaffaCakes118

Files

4275fdca99b14eb73599c1e138f0a43b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05cfc562123d0708e012a32cc7a31d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
GetCurrentThread
SetEvent
FreeResource
HeapCreate
AddAtomA
VirtualQuery
BackupRead
SetEvent
FlushConsoleInputBuffer
MoveFileWithProgressA
EscapeCommFunction
GlobalWire
SetConsoleMode
GetProcessVersion
UTUnRegister
GetCurrentDirectoryA
MapViewOfFile
GetCommandLineA
GetStartupInfoA
ExitProcess
WriteFileGather
LocalFlags
_lopen
GetTickCount
MapViewOfFile
CopyFileA
SetCommTimeouts
GetFileSizeEx
GetDiskFreeSpaceExA
LockFile
GetProcessAffinityMask
FoldStringA
GetCompressedFileSizeA
CreateTapePartition
LocalAlloc

Sections

WEIJUNLI
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ