6f403815e4d431df8e155a67840cf8b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f403815e4d431df8e155a67840cf8b8_JaffaCakes118
Size

25KB
MD5

6f403815e4d431df8e155a67840cf8b8
SHA1

63814980af2f43c59f87df8366a0fd03649ac4aa
SHA256

fdc1cd26209fc586f6586423ede19c2e050f1abc058a916728f77f1634e9b00f
SHA512

91ab03d96251e5718b874091df88d59416808b09af784865b7938f082c91e431e8fca32a8860324ef1ff1cc975e8748cd1c8f65ebccd1b54907b069a6fe2f640
SSDEEP

384:EtfmrccHIXvYV8+w7L+0J/ltd09l6cqlL5O:EurcKAM8/J/ltQElL5O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f403815e4d431df8e155a67840cf8b8_JaffaCakes118

Files

6f403815e4d431df8e155a67840cf8b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

407675e8cb42b463e62205cbfdc0675e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
EnterCriticalSection
ExitThread
FindFirstFileA
GetSystemDirectoryA
GetThreadLocale
GetTickCount
GlobalAlloc
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
LoadLibraryA
LocalLock
LocalSize
MapViewOfFile
MoveFileW
SetEvent
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
WaitForSingleObject
WriteConsoleA
lstrcatA
lstrlenA

user32

CharNextA
DestroyIcon
IsMenu
LoadCursorW
MessageBoxA
RegisterHotKey
RegisterWindowMessageW
SendNotifyMessageW
SetCursorPos
SetWindowTextW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ