95b6f194d911b1b77f68b4f206e72886_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95b6f194d911b1b77f68b4f206e72886_JaffaCakes118
Size

370KB
MD5

95b6f194d911b1b77f68b4f206e72886
SHA1

a1bdccd81a0de3cb39ebb6b578db78c30fb2fd56
SHA256

98fc2776a85a89d69cb22465d88712e2ce0a849d40f8f943cfe8dbeab0323d29
SHA512

e135c450290c931291554d0598610fca1f6129de505f870f9cf6ef9bba6f65515bc3fd7695c7d578c5d454403bd3381626c92df2d5f54b823874ff4b2d056da3
SSDEEP

6144:ARMXTt0HEAT1fxhcMxW2pL7lv6w2K/PkFtR6sFHYnHFWhTyHVEOSQTQiJY7jM56g:ARMeHEAJLjpFv6w2K/PkFtlVMHFWg1E5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95b6f194d911b1b77f68b4f206e72886_JaffaCakes118

Files

95b6f194d911b1b77f68b4f206e72886_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3366cc24c7eeacc68d2d6c0c2357b0a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
WriteFile
FindAtomA
GetFileTime
ReleaseMutex
FindClose
GetCurrentThreadId
InitializeCriticalSection
IsBadStringPtrW
lstrlenW
CreateEventW
LocalFree
GetDriveTypeA
HeapCreate
TlsGetValue
GetEnvironmentVariableW
GlobalFlags
GetPrivateProfileStringA
GetCurrentProcessId
LoadLibraryW

user32

DrawStateW
EndDialog
GetClassInfoA
DrawTextA
GetSysColor
CallWindowProcW
GetKeyboardType
CreateWindowExA
SetFocus
DispatchMessageA
GetClientRect
GetSysColor
IsWindow

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

cryptui

LocalEnroll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ