6977003bc426d6d572b2a76193165da7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6977003bc426d6d572b2a76193165da7_JaffaCakes118
Size

58KB
MD5

6977003bc426d6d572b2a76193165da7
SHA1

2102eade390596559b2178bf9c2bfe9e7011b315
SHA256

093c0d07a8eaf8ab3ae87de37471f9e9708bbc92cf33fab73a835438db99b15c
SHA512

83b8e3c6a2f9bf30ceabd9f9fe398662f1d450d06fd2eebb15493098b84eab8c9db86c9d01741760bb1b0893c437ae9bf24ce139b5f7bfff540bd3e2a1571367
SSDEEP

1536:akSDVMrpP3Nyb4dI/LUQ/KH28vKlb0jd/y4jwUkt:dmVrb4dI/wSK/vOgZ640U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6977003bc426d6d572b2a76193165da7_JaffaCakes118

Files

6977003bc426d6d572b2a76193165da7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

233d43c85d3e6d8c909589d1c7274413

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetCursor
LoadImageA
GetMessageA
DrawTextA

kernel32

SetEndOfFile
lstrcmpA
WriteFile
VirtualAlloc
TlsSetValue
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
GetModuleHandleA
GetStartupInfoA
LoadLibraryA
Sleep

ole32

CoInitializeSecurity
OleCreateLink
WriteClassStg
CoGetCurrentProcess

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE