a6f42ba2975900bb6b9b1536ac235781_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6f42ba2975900bb6b9b1536ac235781_JaffaCakes118
Size

77KB
MD5

a6f42ba2975900bb6b9b1536ac235781
SHA1

da753c239b27a708f20b49a1eb70642c25efb920
SHA256

431fdf8b154be80b38442f37d8f34219fbc8031ac336c0ba9bb0b469eba6d5fa
SHA512

9acd583a5dceef4294cc53b29a32e6432b37e33473b5936bc2f0e528c39ad93698312c33c4a2924844bdc2896518a0877abcbe626a7256d489d3dd9a904ea82e
SSDEEP

1536:uUTXdRfpeHhlAeA1jib9SwiHMm3VDRQjP61ChozVcZql8TJADRgNC:RTXrwGeA1ji2HMm3nQuTz5U0O0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6f42ba2975900bb6b9b1536ac235781_JaffaCakes118

Files

a6f42ba2975900bb6b9b1536ac235781_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

a6a2981b62f118e69e748b2171d3146d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree

ws2_32

connect

msvcrt

_itoa

user32

GetForegroundWindow

advapi32

RegEnumValueA

shell32

ShellExecuteA

oleaut32

GetErrorInfo

Sections

.dfg
Size: - Virtual size: 236KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dfg
Size: 69KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE