6345a01e21bd3a4d158a969eecb41fdc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6345a01e21bd3a4d158a969eecb41fdc_JaffaCakes118
Size

74KB
MD5

6345a01e21bd3a4d158a969eecb41fdc
SHA1

c3756d3de4703b44a2b751899bec9aa1b15c9c1c
SHA256

45e8245b5c648a6c122de2b93b525b45d9d4ef5575cfd80ee7480d35588e7ae7
SHA512

bb738fb49f5b413dcadb1509d2e930723ac46e7d693de3353dae641347a28f980153b03b6809ed5bdfbca05d0ef3fa536374ca2f33966ef5e89a0bd76107d358
SSDEEP

1536:YmwiphclMnM2OY2nRI/7264zBbQpfknqh/vXQJTT6jJAP0fsShW:YpWhWMnYY4ID26uh2NvXQiJ8/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6345a01e21bd3a4d158a969eecb41fdc_JaffaCakes118

Files

6345a01e21bd3a4d158a969eecb41fdc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c5d4c9ffca76593cd0f94875b5afdab4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
_strnicmp
strchr
free
wcscpy
_stricmp
__winitenv
__mb_cur_max
printf
rand

ulib

??0ARRAY@@QAE@XZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?Fatal@PROGRAM@@UBEXXZ
??0CLASS_DESCRIPTOR@@QAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?Compare@OBJECT@@UBEJPBV1@@Z

ntdll

wcsstr
RtlNormalizeProcessParams
NtQuerySystemTime
NtQueryVirtualMemory
RtlWriteRegistryValue
NtReadFile
NtCreateEvent
RtlSystemTimeToLocalTime
RtlInitializeGenericTable
wcschr
NtFsControlFile
_allrem
NtDelayExecution

kernel32

InterlockedDecrement
GetCurrentThread
GetConsoleOutputCP
InterlockedExchange
GetThreadLocale
InterlockedIncrement
LocalAlloc
ResetEvent
SetEvent
lstrlenA
lstrcpyA
GlobalLock
lstrcmpiW

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE