6f581251b077985dc8d9e5a293fe6624_JaffaCakes118 | Triage

Sharing

General

Target

6f581251b077985dc8d9e5a293fe6624_JaffaCakes118
Size

42KB
MD5

6f581251b077985dc8d9e5a293fe6624
SHA1

bfb2b157cfedef2bc78a8d0f0d6cc7a3236999ff
SHA256

2a11da22e08b480d6253135552311cbf11388029501b389a738778cd14feef17
SHA512

c699feb88138c9110367296cbb27933102d91b308d4c374e3680cc8d7fcc9973a07d08b0ce9092569c1202ac473e8aa83c1b5da469b224e14c640442e28c72e3
SSDEEP

768:2BKnK9R2tLDbuRoIrRNYbB9FNabpRgV3xlRhgbw0T5TVGfV6xzCH3cKkAGOsXdR1:2BNeLH8PrPYbTXa8Jxrh4vT5T0fjH3qD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f581251b077985dc8d9e5a293fe6624_JaffaCakes118

Files

6f581251b077985dc8d9e5a293fe6624_JaffaCakes118
.exe windows:4 windows x86 arch:x86

89bdf9a9530246ba9447ca77b9038cfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
GetACP
GetCommandLineA
GetExitCodeThread
GetFileType
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetThreadContext
GetUserDefaultLCID
GlobalLock
GlobalReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapReAlloc
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LeaveCriticalSection
LocalAlloc
MultiByteToWideChar
RtlUnwind
SetErrorMode
SetEvent
SetLastError
SetUnhandledExceptionFilter
SizeofResource
lstrcmpA
lstrcpynA

msvcrt

__p__commode
__set_app_type
exit
isdigit
strpbrk
__getmainargs

user32

SetCapture
TranslateAcceleratorA
IsDlgButtonChecked
FrameRect
DestroyIcon
GetCursorPos
RemoveMenu

ole32

CoTaskMemRealloc
CoCreateInstance
CoBuildVersion

Exports

Exports

GetSSIDForAdapter
GetUpdateVersion
IchFromXRaw2
NxCookTriangleMesh
ServerGetApplicationType
W32N_MakeNdisRequest

Sections

.text
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ