84ef5134af849798e9876b62432b43e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84ef5134af849798e9876b62432b43e6_JaffaCakes118
Size

287KB
MD5

84ef5134af849798e9876b62432b43e6
SHA1

d8f1354cd6dde861026e806f08a75236ec9afe8b
SHA256

886f861bf372c549997e6fb266f294efa9b1d7b12092dc08c571a4c4fcd64bd7
SHA512

f509b7a33be2a3f80d34cdcb5fbc7c11393547561f510d9fab279d8ec65fcd376b7b005d1406b0e6870e47b302e6a75ad627a72d59f453034f0686ccf53a3f5b
SSDEEP

6144:u+LKIO31Tmtxl6DsDKSCpxcpxRNcyE1VwUM8pzH90TqnygeW:u+hO3hmlws/CpxclKy2V5M8bTeW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84ef5134af849798e9876b62432b43e6_JaffaCakes118

Files

84ef5134af849798e9876b62432b43e6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c3979b0a20b68a8806e2a16fd09d163

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
GetCommandLineW
GetVolumePathNamesForVolumeNameW
GetComputerNameExA
ReplaceFile
GetConsoleKeyboardLayoutNameW
ConvertDefaultLocale
CopyLZFile
FormatMessageW
DeleteFileA
GetCommModemStatus
GetDiskFreeSpaceA

user32

SwapMouseButton
GetDC
DdeConnect
GetWindowRgnBox
GetMenuItemCount
EndDeferWindowPos
DdeUninitialize
PrintWindow
GetNextDlgGroupItem
KillTimer
SetProcessDefaultLayout
IsClipboardFormatAvailable
SetWindowRgn
ArrangeIconicWindows
SendIMEMessageExA

Sections

.text
Size: 281KB - Virtual size: 284KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE