0385a1307978eaa2af028739062c1223_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0385a1307978eaa2af028739062c1223_JaffaCakes118
Size

806KB
MD5

0385a1307978eaa2af028739062c1223
SHA1

b7eade3c4f7e33024b01bdc41f654409fa0c31f9
SHA256

e6cbb4be7cb2bc83e058aeb409e1e138ad4b2d08baad54f23d3b636c7adc03bf
SHA512

328867f7b526f2c04bb7f92d002b5dd3183db3092cb61e64625b228e5bcf31981ec23e63caf4d402520fd2f8f079c4d9fe7c0b2719fc2d690b92207504c4ef86
SSDEEP

24576:dE1LsP1mxmbmHaGms+iD/NGcYaYt3Mhe6S:dE1AP1mxmbwaGmVijNGcYaAz6S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0385a1307978eaa2af028739062c1223_JaffaCakes118

Files

0385a1307978eaa2af028739062c1223_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fc81ce8de2b8476b6e50259dd821fa6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
PulseEvent
LoadLibraryW
ReleaseMutex
DeleteFileW
ReadConsoleA
SearchPathW
GetLogicalDrives
Sleep
ReadConsoleA
HeapSize
GetStartupInfoA
GetLastError
GetStringTypeW
VirtualProtectEx
GetPrivateProfileSectionA
TlsGetValue
ReadConsoleA
GetDriveTypeA
FindAtomW
lstrlenA

dsprop

ErrMsg
FindSheet
CheckADsError
MsgBox
CheckADsError
FindSheet
MsgBox
FindSheet
ReportError
MsgBox
ErrMsg
ErrMsg
ReportError

gpedit

ExportRSoPData
DllGetClassObject
DllCanUnloadNow
BrowseForGPO

Sections

.text
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 704B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 1.4MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 802KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE