46864093f9d1ae9b1648bf9ac045645f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46864093f9d1ae9b1648bf9ac045645f_JaffaCakes118
Size

173KB
MD5

46864093f9d1ae9b1648bf9ac045645f
SHA1

d4ef28cfa5e8dc755f8e18fdbe361ee8b0770297
SHA256

a593f6025a064bc5a6f591b76871e40191e9195e5c814d9a53f045be2c9b39e6
SHA512

bd6b76975ffc7c2734a260944c697fccafcee06f4e48a10b001800702f7f9141e587eb884ce8ae2eb5d9783015c298005dc98cac5c7bf77eb9136141c6760fe1
SSDEEP

3072:uQukcBYjyGBX817+4XYlyVV0FfTXRLJsEN/sK6:5XcB+XGXfj0FThLIK6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46864093f9d1ae9b1648bf9ac045645f_JaffaCakes118

Files

46864093f9d1ae9b1648bf9ac045645f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

416591afab988b8897e8ec55ad50f97d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ProcessIdToSessionId
MoveFileW
SystemTimeToFileTime
PrivMoveFileIdentityW
CloseHandle
LoadLibraryExW
VirtualAlloc
GetSystemTime
CreateFileW
AddAtomW
WriteFile
lstrcpynW
GetProcessId
GetUserDefaultUILanguage
DeleteAtom
UnmapViewOfFile
CreateEventA
OpenProcess
CreateFileMappingA
GetProcAddress
EnumResourceTypesA
MapViewOfFile
VirtualFree
OutputDebugStringW
DuplicateHandle
ExitProcess
GetModuleFileNameW
GetFileAttributesA
GetFileAttributesW
SetEvent
WaitForSingleObject
LoadLibraryW
CreateDirectoryW
GetStdHandle
ReleaseMutex
LoadLibraryA
CreateMutexA
FindAtomW

oleacc

LresultFromObject

user32

GetDC
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowInfo
GetUpdateRgn
MessageBoxW
EndDialog

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ