96590c082a6a9b7875253623127e69d3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96590c082a6a9b7875253623127e69d3_JaffaCakes118
Size

45KB
MD5

96590c082a6a9b7875253623127e69d3
SHA1

e7c7b4847a3292d2e0ba1b7802ec9cc202ed9f57
SHA256

1089f4f85cfadbb2a1b02a51c3b391ef11743119288ec5b3df497b1b20a011fa
SHA512

f2c14e8ec59b3a3f9426ab796b929227f6159e308ebcc03192ef0120b25dc4e6fe91cc11b2579c762af5ba423b099ab03fb64b9c4da923e0213ea8e4c5f1915f
SSDEEP

768:2vLieVRbuCWjs3rHjCcPxa+WNpPUzVD6ME89M0M9UkBTzpPCS6KNlnGH:YXIChmb5NKD6M79MF2UZCS6KDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96590c082a6a9b7875253623127e69d3_JaffaCakes118

Files

96590c082a6a9b7875253623127e69d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42d5a59f6293c583e5d43453e61e23b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoW
GetLastError
LocalFlags
GetSystemTimeAdjustment
GetFileAttributesW
GlobalMemoryStatus
ResumeThread
PeekNamedPipe
FileTimeToLocalFileTime
GetCurrentProcess
LocalCompact
VirtualProtect
GetCommConfig
GetTempPathW
EnumSystemLanguageGroupsA
VerSetConditionMask
CreateProcessW
VirtualProtectEx
SuspendThread
SetConsoleCursor
LoadLibraryA
ReadConsoleOutputAttribute
Process32First
RegisterWowBaseHandlers
GetProcAddress

user32

SetCapture

Sections

.text
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE