61a628c490ca62fbea8f1ccf6aea3fb3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61a628c490ca62fbea8f1ccf6aea3fb3_JaffaCakes118
Size

370KB
MD5

61a628c490ca62fbea8f1ccf6aea3fb3
SHA1

e246c00f724258964f1aa9b3dae20ed082ea7117
SHA256

2ef3034217fbffac466c8d97f33cb528162b80dce74c30e7c0d8fdce6c5a08a1
SHA512

8e7e7d63d80ae3dfbc65fe5fd259b69e8b9f2eddfa144aa6eb00c92d50778fa785082369c6919009dabf2184705c1560300bc7c4f713fd2762268ed03844de57
SSDEEP

6144:62OxRMct0HEAT1fxhcMxW2pL7lv6w2K/PkFtR6sFHYnHFWhTyHVEOSQTQiJY7jMb:ExRMhHEAJLjpFv6w2K/PkFtlVMHFWg10

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61a628c490ca62fbea8f1ccf6aea3fb3_JaffaCakes118

Files

61a628c490ca62fbea8f1ccf6aea3fb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f2660281ce4c64f918e443af72f9f65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetFileTime
GlobalFlags
ReleaseMutex
LocalFree
ReleaseMutex
GetEnvironmentVariableW
TlsGetValue
CreateEventW
GetPrivateProfileStringA
WriteFile
GetDriveTypeA
GetCurrentThreadId
HeapCreate
LoadLibraryW
InitializeCriticalSection
lstrlenW
FindAtomA
FindClose
IsBadStringPtrW

user32

GetSysColor
DrawStateW
EndDialog
GetClientRect
CreateWindowExA
GetClassInfoA
GetKeyboardType
DispatchMessageA
IsWindow
DrawTextA
SetFocus
GetSysColor
CallWindowProcW

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

cryptui

LocalEnroll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ