Static task
static1
Behavioral task
behavioral1
Sample
874b6b193a914761e6fa8c92712b098a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
874b6b193a914761e6fa8c92712b098a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
874b6b193a914761e6fa8c92712b098a_JaffaCakes118
Size
328KB
MD5
874b6b193a914761e6fa8c92712b098a
SHA1
fc77cf1cde9b30b46bcf4db64400a4150ad93f57
SHA256
5d7930eae6617f84968b3ff6a2e954edc6122cd3feb666a748db7b897f796aab
SHA512
877bb8b0bead3cd0c28aaac5682697a53b4499fd062f0d64f4d6dd132a12939d0daa6d413901a7be233878b676c0486befb0ffc26c90c9df259b02a2b6b02b5c
SSDEEP
6144:+6EdVfJLggk2ngRYDsVZHD/w/1AbHDrXVtHXA00LPEeCnYSfFLqx+39b:idVs2nvqD/q1An10LPsYS9L8+39
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 874b6b193a914761e6fa8c92712b098a_JaffaCakes118
Files
874b6b193a914761e6fa8c92712b098a_JaffaCakes118.exe windows:4 windows x86 arch:x86
8b839e10d0ea4d2eb75040849286f3f1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
ExitProcess
Sleep
GetCommandLineA
GetTempPathA
CloseHandle
ResumeThread
MapViewOfFile
CreateFileMappingA
GetFileSize
WriteFile
GetSystemInfo
CreateFileA
VirtualLock
GetModuleHandleA
VirtualAlloc
GetProcAddress
UnmapViewOfFile
HeapLock
user32
IsWindowVisible
IsWindowUnicode
ShowWindow
wsprintfA
gdi32
PatBlt
advapi32
CryptAcquireContextA
ole32
CoUninitialize
msvfw32
DrawDibBegin
DrawDibTime
crypt32
CertOpenSystemStoreA
winmm
midiInClose
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 272KB - Virtual size: 658KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ