af20f7d35c895009f4ab122657f4ace0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af20f7d35c895009f4ab122657f4ace0_JaffaCakes118
Size

304KB
MD5

af20f7d35c895009f4ab122657f4ace0
SHA1

d8798699ed94ffedd8dbe6a744c2f96a0af297d5
SHA256

57cd6596e46a8e980b0e8485458c8581304280727a9a5dedf2346007218a4bee
SHA512

1d9c4cfb7fe519452cbc1c29a1e8d9942d3377223ef9f7ae55e4cb71ba3fe19ed909cb12733065a328582a103e600a6cf642b1133bf3d4bb7ca0377d28f3edae
SSDEEP

6144:02WmXYBy9MSfb4YiPP+Aqqx5fCNfNyqxt71UbzD3IN4Tya9b5MJvcoJlwO:0spM0viPP+AVQdxt71gDYN4Ty45MJv/x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af20f7d35c895009f4ab122657f4ace0_JaffaCakes118

Files

af20f7d35c895009f4ab122657f4ace0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37ace77702f2c4b707c2b6e0d4c32df3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
LoadLibraryA
GetProcAddress
VirtualFree
CreateFileA
WriteFile
VirtualAlloc
Sleep
Module32First

user32

SendMessageA
GetInputState

wininet

InternetCloseHandle
FtpGetCurrentDirectoryA
FtpPutFileA

ole32

CoInitialize
CoUninitialize

advapi32

RegQueryValueExA
RegQueryValueA

Sections

BNSQDjxG
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zJBtgild
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LlFxGISy
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CBWVgazB
Size: 265KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE