940eb0d66b5def90951752fffbbdcae3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

940eb0d66b5def90951752fffbbdcae3_JaffaCakes118
Size

96KB
MD5

940eb0d66b5def90951752fffbbdcae3
SHA1

ae66a594a3f677ec623d02f0bb5be122992ca370
SHA256

458038e8270e9703a308038f0879caa4f5db67adb70ce07908bbb402a3f2cd58
SHA512

6c26949a02c964acad10f22a137e7f2a2740b4c8f06e3a9dbe57f108a187978c63983b029c42d4de52667fc5b716a5c7944bc54aafaa3fc5670c854362aa2e6e
SSDEEP

1536:/XjyHWwack2jcSiCnx2paDybq91+7SnoYOqGXbshWInuQixAry534VERN:LyH+ck2Obq91+mno3t4QZQ3ri4VEz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
940eb0d66b5def90951752fffbbdcae3_JaffaCakes118

Files

940eb0d66b5def90951752fffbbdcae3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62b976b283cf2b9f0bd57647c010cc21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CreateThread
SetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
ReleaseMutex
OpenMutexA
WinExec
GetTempPathA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
WaitForSingleObject
ExitProcess
CreateMutexA
lstrlenA
CopyFileA
GetSystemDirectoryA
GlobalMemoryStatusEx
GetComputerNameA
GetLocaleInfoW
VirtualAllocEx
VirtualProtectEx
VirtualAlloc
GetModuleHandleA
WriteProcessMemory
SetThreadContext
GetThreadContext
ReadProcessMemory
VirtualQueryEx
TerminateProcess
Sleep
ExitThread
GetTickCount
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

fopen
fclose
fseek
ftell
fread
??2@YAPAXI@Z
malloc
sprintf
rand
_except_handler3
strncmp
exit
strstr
strncpy
atoi
strcspn

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE