6648037016868585f6779c0d2809bffd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6648037016868585f6779c0d2809bffd_JaffaCakes118
Size

208KB
MD5

6648037016868585f6779c0d2809bffd
SHA1

7bcfeda491e58aea421d27d54b8beaaa163c74cb
SHA256

1bbd0e4f0cf15fcc72ecdcbe93a745ebe7aacaa2f737b30ebf00cd533cd81b4e
SHA512

4263242ca470d945b704c290221b627e229af5ce135689e3cc0d6bddbb230779daa73da0417bcc54bbfff6ce4f6bd2b9e16653842054193948abc75233b621a9
SSDEEP

3072:jTCUfwl09WWCLAYnVBTFQciPkKoFqu+GrDv2Ts21:jT94tWEQmKMqJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6648037016868585f6779c0d2809bffd_JaffaCakes118

Files

6648037016868585f6779c0d2809bffd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1497f74cf95e6df970856cdf8561347d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
GetCurrentProcess
OpenMutexA
WriteFile
GetModuleHandleA
GetTickCount
LZDone
GetShortPathNameA
VirtualAlloc
GetDllDirectoryA
GetConsoleFontSize
GlobalDeleteAtom
GetSystemWindowsDirectoryA
GetDiskFreeSpaceA
GetCurrentConsoleFont
GetLocaleInfoA
WriteConsoleOutputA
GetProcAddress
GetVersion
WritePrivateProfileStringA
GetCommState
ReadConsoleA
GetThreadPriority
Toolhelp32ReadProcessMemory
GetNativeSystemInfo
GetEnvironmentStringsA
SetCurrentDirectoryA
GetProcessIoCounters
GetStringTypeA
GetStartupInfoA

wininet

InternetGetConnectedStateExA
FtpSetCurrentDirectoryW
InternetCrackUrlA
FindNextUrlCacheEntryW
ResumeSuspendedDownload
InternetUnlockRequestFile
InternetQueryDataAvailable

Exports

Exports

BeginAkrtapxo
AddGuauaup

Sections

.rtext
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 196KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ