6ffacb3eabd2c48e28df930500e459ca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ffacb3eabd2c48e28df930500e459ca_JaffaCakes118
Size

375KB
MD5

6ffacb3eabd2c48e28df930500e459ca
SHA1

8b5cbca011e8f2d5ad2360e46f6ae7139e5e8496
SHA256

7b4b9c5bc2592f9ffdbb70ffe78807cf3e751791bc3455694c6578bd0251f8c8
SHA512

ca7f09feb4885df6d6a67aa0b310ece63557d10dbe91d111d254bd26764fe3c4e38a9c9b78d86bddc9fa71be57b39418d5fde9c055648b4f9e146d3b396159a0
SSDEEP

6144:gXcxNet6rln5xUvKOA4gHGu2iB4/KFH5RiVKX70z45FR3MKFpxj8:ycxNHx5xUv04gHGoBLji0X70z+dU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ffacb3eabd2c48e28df930500e459ca_JaffaCakes118

Files

6ffacb3eabd2c48e28df930500e459ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2743cb4a77e7e8426787fe6a10883fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
HeapCreate
GlobalUnlock
UnmapViewOfFile
GetCurrentDirectoryA
GetComputerNameA
LoadLibraryW
GetCurrentThreadId
lstrlenA
Sleep
lstrcpyA
FindClose
FindResourceW
CloseHandle
LocalFree
CreateProcessA
GetCommandLineA
GetModuleHandleA
CreateFileW
SetLastError

user32

CheckRadioButton
SetFocus
GetCaretPos
GetDlgItem
DrawMenuBar
DrawEdge
DispatchMessageA
FillRect
IsWindow
CreateWindowExA
GetDC
CallWindowProcA
CreateIcon

cryptui

CryptUIDlgSelectStoreA
LocalEnroll
CryptUIDlgCertMgr
CryptUIDlgSelectCA
WizardFree

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 299KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ