a677e8c323d763d9d2c1e5d0581b185a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a677e8c323d763d9d2c1e5d0581b185a_JaffaCakes118
Size

28KB
MD5

a677e8c323d763d9d2c1e5d0581b185a
SHA1

af5cd4e8638325c1fee647a6a9d6d0604ab35184
SHA256

8a0f77a778a9ee5426b93ac89409b62cfb4f46587930af39990caef9391266d4
SHA512

55ecc4cf2819be5fd74c6a51e71ac2b30ca054eae3c27d48736126956eb666a4e0e2ad677bafb1870fa48090c8675801748f956e1ed4fa58e3b07f222286efe7
SSDEEP

384:5lHm+9zOyFvWwJCpYrKnsLlBa713s6wiZ2L16k0xfvTj0cVaiM1q0sr3xiBr:5lHJOcjI6l/x6wBEn0cVOqPh2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a677e8c323d763d9d2c1e5d0581b185a_JaffaCakes118

Files

a677e8c323d763d9d2c1e5d0581b185a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6b17e6ef0fa08a6ed6c287a2b254dc77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memset
NtMapViewOfSection
mbstowcs
memcpy

kernel32

GetVersion
lstrcatA
GetEnvironmentVariableA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
CreateRemoteThread
OpenProcess
GetSystemDirectoryW
GetExitCodeProcess
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
CreateFileMappingA
GetExitCodeThread
lstrcatW
CloseHandle
GetTempPathA
lstrcpyW
ExitProcess
WinExec
lstrlenA
CreateFileA
FindResourceA
FreeResource
LoadResource
VirtualFree
SetFileTime
WriteFile
SizeofResource
FindFirstFileA
VirtualAlloc
LockResource
Sleep

user32

FindWindowA
GetWindowThreadProcessId
wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteExA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE