85aa6f8ae383c82c461a63bb4d2344c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85aa6f8ae383c82c461a63bb4d2344c1_JaffaCakes118
Size

212KB
MD5

85aa6f8ae383c82c461a63bb4d2344c1
SHA1

01ce36c767c13e6610ae6e8474654c8ec4badd87
SHA256

c96bc691ae73a36b8f5bfc9b82aa35f2d1342cf1b057bf4ce30188c67c87758c
SHA512

c16efa279dcfdf3db431ce7b712a02489b7651268e400af0b7acf5b0a12f978f90d98bac007bb10f5b21f57f56ff475e824cf95a7694c9b49f89208fd895900f
SSDEEP

1536:4dWfQlSgWbpuSSfACpY4606Ow3ks+RKAf/CM+7dvrrAiMlLLd+E2LuOX3c7N:4XbWbpuSSP+4Tzs+0A3C3AiOkLuOX3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85aa6f8ae383c82c461a63bb4d2344c1_JaffaCakes118

Files

85aa6f8ae383c82c461a63bb4d2344c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bad078fe4266a695a65ae996f60ea2e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
ReadConsoleA
GetCurrentProcess
WritePrivateProfileStringA
WriteFile
BeginUpdateResourceA
RaiseException
GetEnvironmentStringsA
ReadConsoleA
LoadResource
GetVersion
LCMapStringA
GetCPInfoExA
VirtualAllocEx
DefineDosDeviceA
FindCloseChangeNotification
CreateFileA
GetTempPathA
FlushFileBuffers
FindResourceA
GetLocaleInfoA
EndUpdateResourceA
AddConsoleAliasA
OpenThread
GetFileInformationByHandle

wininet

FtpSetCurrentDirectoryW
InternetQueryDataAvailable
ResumeSuspendedDownload
InternetUnlockRequestFile
InternetGetConnectedStateExA
InternetCrackUrlA
DetectAutoProxyUrl

Exports

Exports

InitTkuvkandi
ReadQibcqtxbc

Sections

.rtext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 200KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ