81fe198dc44aa884fc05477587a7a238_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81fe198dc44aa884fc05477587a7a238_JaffaCakes118
Size

177KB
MD5

81fe198dc44aa884fc05477587a7a238
SHA1

b0dfe38afe91199ffaba3f7a264a51792aba24bb
SHA256

6a70701f6b66afc32227c911232fe018f8f1cf80d233a032fa5d9d2a02712d2a
SHA512

2bc73888b1ba69901505db2515b28574ebd414142b046c1b2253c5361cac0d2e9d2f3d5f96526aaae84f0d9eb473122076c3ac3e3d1915b7b9f70cd540b60692
SSDEEP

3072:HDG8904UuD8PjRVE4IcwZ/lKkUd4kwk5s6BfDLh+QLSn:Hx0vuDiHElv9ltawKs07L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81fe198dc44aa884fc05477587a7a238_JaffaCakes118

Files

81fe198dc44aa884fc05477587a7a238_JaffaCakes118
.exe windows:1 windows x86 arch:x86

57ac24b3fadbb998c1d3b00fb27c06a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetStringTypeExA
GlobalSize
OpenFile
WriteConsoleOutputCharacterW
UnlockFile
Thread32Next
GetDiskFreeSpaceA
GetCurrentThreadId
SetErrorMode
GetCurrentDirectoryA
IsSystemResumeAutomatic

ntdll

RtlGetLastWin32Error

advapi32

RegQueryInfoKeyW
AddAce

comctl32

InitCommonControlsEx

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ