69a95d1b5ee866f75e8e0db46e020638_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69a95d1b5ee866f75e8e0db46e020638_JaffaCakes118
Size

80KB
MD5

69a95d1b5ee866f75e8e0db46e020638
SHA1

a1617b4abb41ed881905d714b7d1093c935b9e94
SHA256

d52ff7d1099e75e5c4108deed16424945d5eec2ae2c6e3c4b3882164bf868a6a
SHA512

f75a48988691b776c0164296f2275a866e340b85bbbb9b733fc4ecd85dd3fa4eb2a37ebad232fb508f5218e98e6991d2869a86c1f031d3c2c6cfbddfad806228
SSDEEP

1536:gofeZS101NqyY8u0XeHfpVOtSv6i0T/Nx8wn:goWD7cVOtl8wn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69a95d1b5ee866f75e8e0db46e020638_JaffaCakes118

Files

69a95d1b5ee866f75e8e0db46e020638_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43269ce048522fff24b6412c0bc03025

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
LoadLibraryA
WriteFile
SetWaitableTimer
FindNextFileW
SizeofResource
QueryDosDeviceW
GetTickCount
lstrcpyW
GetCurrentProcessId
FreeLibrary
CloseHandle
GlobalLock
SetEvent
GetLogicalDrives
GetPrivateProfileStringW
SetLastError
GetCurrentThread
VirtualAlloc
GetProcAddress
GetVersion
GetFileSize
GetCurrentProcess
ResumeThread
FindClose

Sections

.sepqtuz
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cjjayv
Size: 4KB - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shuweyj
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE