8e246a578f7aa508436f2256187e006c_JaffaCakes118 | Triage

Sharing

General

Target

8e246a578f7aa508436f2256187e006c_JaffaCakes118
Size

499KB
MD5

8e246a578f7aa508436f2256187e006c
SHA1

ce320d68d4cb2ebdeb58b99f2c62f90344534d85
SHA256

079f1f5ec5d266bf0eb1073ad63befa086dc19b21df0462211bf997a74f6e214
SHA512

4f9caf196c857f11902acc190b83e152677f60a9ac7769ae68f6dcdef1b467a10f85ef85712307107ea8f04cc451ca6e23d69d4aad4bc9cde3a9a51f064b8c32
SSDEEP

6144:CihvkZ8gulzV2V9/H5DTwaHd6dcNiXPnpUTJPyd+MElqwkp7:CcMZu2z96dcYXPnpcJPydjZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e246a578f7aa508436f2256187e006c_JaffaCakes118

Files

8e246a578f7aa508436f2256187e006c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f85f3b107ff5e77789c11477ddfce27d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
ResumeThread
GetACP
PulseEvent
TlsGetValue
CreateFileMappingA
DeleteFileA
IsBadStringPtrA
IsDebuggerPresent
GetModuleHandleA
CancelIo
ReleaseMutex
GetDriveTypeA
SuspendThread
TlsAlloc
GetModuleFileNameA
GetStartupInfoA
lstrlenA
HeapCreate
CreateFileA

user32

IsWindow
GetWindowLongA
LoadImageA
DispatchMessageA
DestroyMenu
DestroyWindow
CallWindowProcW
GetIconInfo
IsZoomed
DrawTextW
PeekMessageA
FindWindowW
DispatchMessageA

amstream

DllRegisterServer
DllRegisterServer
DllRegisterServer
DllRegisterServer

cryptui

LocalEnroll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ