a61142364aac57998b0c75a4192e2863_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a61142364aac57998b0c75a4192e2863_JaffaCakes118
Size

56KB
MD5

a61142364aac57998b0c75a4192e2863
SHA1

8c0b47239b400c9c06300efd15d9e1feb885a387
SHA256

42f0961b15ee8d68007e76be824c71fdf5bb0d298296cd58f42c3afa315f31c3
SHA512

404e55bd58078fd537125cbdd55391726acef82260f7dfc758bd46d8da9c2e4bba95016279e24cbc76ec711f422b08588787c3b09860767ba7e63ebe3d8b1e3e
SSDEEP

1536:S5ld+RrPQp4ifxq0Btc0TOJlVX+vZsoUT4u3:S5sPQP5q0Dc0TyEyQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a61142364aac57998b0c75a4192e2863_JaffaCakes118

Files

a61142364aac57998b0c75a4192e2863_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36270e24b44ed705523236ea20800d0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
ExitProcess
GetProcessWorkingSetSize
GetStringTypeA
OpenFile
PostQueuedCompletionStatus
ReadDirectoryChangesW
SetCommConfig
SetNamedPipeHandleState
SetSystemTimeAdjustment
SetThreadLocale
WaitForSingleObjectEx
_llseek

advapi32

BuildTrusteeWithNameW
DuplicateToken
GetAccessPermissionsForObjectW
RegConnectRegistryW
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyW

user32

ChangeDisplaySettingsA
CreateIconIndirect
GetClipCursor
GetListBoxInfo
RegisterWindowMessageW
ReleaseDC
SetCaretBlinkTime
WaitForInputIdle
WaitMessage

shell32

CommandLineToArgvW
DragQueryFileAorW
ExtractVersionResource16W
RegenerateUserEnvironment
SHChangeNotify
SHGetFileInfoW
SHInvokePrinterCommandA
SheShortenPathW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE