64dd466c9526c7d1aa7be900c406cc20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64dd466c9526c7d1aa7be900c406cc20_JaffaCakes118
Size

363KB
MD5

64dd466c9526c7d1aa7be900c406cc20
SHA1

7c62645d2e6b5e2f8daf24f05b265d64458e00b5
SHA256

b675e1ec3f4892881b78ae966cda59ac6f31444cb0e5ee682878360718328daf
SHA512

473e920652b9ceed3f8be7233be05fbcf43183e71ca9731ad247c1b0ce48c598cf2c2b140b8087eee6b74a367d1ecbb1cfd6d5543abb693095cff0f5b3c16eb2
SSDEEP

6144:CiJwnMGOr8fe0AJgjchjTnDqNkCYV7zj9nd56t6L8R8NmC:t+n9O8e0Fcx/bV7Pn5k+XNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64dd466c9526c7d1aa7be900c406cc20_JaffaCakes118

Files

64dd466c9526c7d1aa7be900c406cc20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6da451643cf99a5a127a77c055e9ceb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetComputerNameA
EnumResourceTypesA
TlsGetValue
GetExitCodeProcess
ReleaseMutex
DeleteCriticalSection
GetTickCount
CloseHandle
GetModuleHandleA
GetDiskFreeSpaceExW
LoadLibraryExW
Sleep
FreeConsole
VirtualProtect
SetLastError
GetCommandLineA
GetDriveTypeA
FindClose

shell32

SHGetDiskFreeSpaceA
ExtractIconA
SHGetMalloc
ShellMessageBoxA
DuplicateIcon
StrChrA
DragQueryFileA
SHFree
SHGetSettings
DragAcceptFiles
ShellAboutA
DragFinish
DllUnregisterServer

printui

vQueueCreate
bFolderGetPrinter
vPrinterPropPages
PnPInterface
bPrinterSetup

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ