6310781df92742884f33cdfa115eca83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6310781df92742884f33cdfa115eca83_JaffaCakes118
Size

173KB
MD5

6310781df92742884f33cdfa115eca83
SHA1

8f563dfa616e3c3905180b20ea3e13853ecd7312
SHA256

2faea6e7a8b9b47d83ba64cb27f611adca4115c5a2d3beeffc0ab0fb0909352d
SHA512

88307cc8ff8d694a445336c817231189c88ccf9140697b3a4abc872ededddfef9f8434f6d8fc41e676f2fe6b1d7563852657bb15520f7ad52fb51698c100ff9e
SSDEEP

3072:uQukcBYjyGBX817+4XYlyVV0FfTXRLJsEN/sK6:5XcB+XGXfj0FThLIK6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6310781df92742884f33cdfa115eca83_JaffaCakes118

Files

6310781df92742884f33cdfa115eca83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

416591afab988b8897e8ec55ad50f97d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ProcessIdToSessionId
MoveFileW
SystemTimeToFileTime
PrivMoveFileIdentityW
CloseHandle
LoadLibraryExW
VirtualAlloc
GetSystemTime
CreateFileW
AddAtomW
WriteFile
lstrcpynW
GetProcessId
GetUserDefaultUILanguage
DeleteAtom
UnmapViewOfFile
CreateEventA
OpenProcess
CreateFileMappingA
GetProcAddress
EnumResourceTypesA
MapViewOfFile
VirtualFree
OutputDebugStringW
DuplicateHandle
ExitProcess
GetModuleFileNameW
GetFileAttributesA
GetFileAttributesW
SetEvent
WaitForSingleObject
LoadLibraryW
CreateDirectoryW
GetStdHandle
ReleaseMutex
LoadLibraryA
CreateMutexA
FindAtomW

oleacc

LresultFromObject

user32

GetDC
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowInfo
GetUpdateRgn
MessageBoxW
EndDialog

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ