85542600f945650629e0a18834d85003_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85542600f945650629e0a18834d85003_JaffaCakes118
Size

336KB
MD5

85542600f945650629e0a18834d85003
SHA1

54505a740cfd21c4b72adc56f509f7761bdd1939
SHA256

b562c3fcb3addcc8f26028c4ffe27680b4c40a5cd40f6d88bcabc1e97373f25d
SHA512

16786ad1508d2ba6852802da29837c665deeed4b6c359b52e4b583f743d783ba028b2a035bfb9007b69cea6870536f68fe8b930c6c48b6e7235f3e7148a554b5
SSDEEP

6144:v2lAQAGA2huW4rysf8rNhYTo6mRkMskZxg91f33YwpourPH:v3ZGQW4CAE6maMZDq5nYwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85542600f945650629e0a18834d85003_JaffaCakes118

Files

85542600f945650629e0a18834d85003_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc1f6d8e70c2df1b034ce822c67d91e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
GetProcessHeap
GetNamedPipeInfo
IsValidLocale
IsSystemResumeAutomatic
ReleaseSemaphore
DeleteAtom
CloseHandle
DuplicateHandle
GetModuleFileNameA
GlobalAlloc

user32

SendMessageA

Sections

heivbBsd
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

nHgLnpNv
Size: 4KB - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lTXdRiGq
Size: 272KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JpVhRjxe
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MWrXBxdw
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KVecoWSP
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE