6ff58670c349347714bc58f952341791_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ff58670c349347714bc58f952341791_JaffaCakes118
Size

8KB
MD5

6ff58670c349347714bc58f952341791
SHA1

064bb494288ad34da15eaaf60b6a8f2149b55650
SHA256

cbf37dd1485d006312143439658e2e569ca4ad350dd26b0baef956d46306da7b
SHA512

eb1ac5f1722e3acf7ed42da61a889be32158ac76dc34e06cc6600d9a0bdfa03867e8e19b1c05bb51ea0b3b2ba3fdf48dd6804b35f15c998f54c222720beb74cf
SSDEEP

192:3oXXiGJks0Hl+m5ZUt8ZuZ0oMhP6iLf/UgOG7WNN:4niFNFRnUt8ZFrV6wVOG7WP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ff58670c349347714bc58f952341791_JaffaCakes118

Files

6ff58670c349347714bc58f952341791_JaffaCakes118
.exe windows:4 windows x86 arch:x86

286a72cf922c7e88c4ab4a001e69a9f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetCurrentProcess
CreateProcessA
GetStartupInfoA
GetTickCount
CancelIo
lstrcpyA
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
LoadLibraryA
GetACP
lstrcatA
GetThreadPriority
MoveFileExA
CloseHandle
CreateFileA
lstrlenA
GetTempFileNameA
CreateDirectoryA
Sleep
lstrcmpiA
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryA
GetModuleFileNameA
GetTempPathA
GetShortPathNameA
GetLastError
CreateMutexA
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
ExitProcess

user32

SetActiveWindow
GetActiveWindow
GetTopWindow
wsprintfA
GetCapture

gdi32

GetBkMode
CreateCompatibleDC
GetBkColor
GetBrushOrgEx
CreateCompatibleBitmap
CancelDC

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE