6f93082fb60dd508552a125e039da12a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f93082fb60dd508552a125e039da12a_JaffaCakes118
Size

176KB
MD5

6f93082fb60dd508552a125e039da12a
SHA1

d96014b4d266738832025e2c75f866bfd96a2821
SHA256

925bc012c0f44f2f7ed212346a7281175d3415b3fb59c0d67469bccd6d114426
SHA512

ba42b170e92280d35de9ca070cd08bcd38770cd9fde68c249a7fed43af4c37f510090a7cacf404a8c407a7bc4848eb377cc7548b811fc8bb3027add965a54ff9
SSDEEP

3072:ZKStqyMxGjDZyVMpo4syFPg87Wpa22BTWxjHQaWIyDaJ0AUnWcl3AuNs:l0y/wuzsyFI8t22xFnIyD20hnnpAu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f93082fb60dd508552a125e039da12a_JaffaCakes118

Files

6f93082fb60dd508552a125e039da12a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7d6969f2983bef5cfe8bc6bf56a6b77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
MoveFileExW
GetCalendarInfoA
SetEvent
FlushFileBuffers
CreateFileW
WriteConsoleW
TlsSetValue
GetModuleHandleA
SetLastError
LoadLibraryExW
GetVersionExA
InterlockedIncrement
CreateThread
MapViewOfFile
GetProcessHeap
TlsAlloc
HeapFree
GetVersionExW
HeapAlloc
GetConsoleMode
EnumResourceNamesA
GetTempPathW
GetExitCodeProcess
FindFirstFileW
TlsFree
GetProcAddress
GetConsoleCP
CreateFileA
CreateProcessW
GetModuleHandleW
WaitForSingleObject
GetEnvironmentVariableW
TlsGetValue
ExitProcess
UnmapViewOfFile
CreateDirectoryW
GetLastError

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

ole32

CoGetMalloc
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ