Static task: static1
Behavioral task: behavioral1
Sample: af82cb68b922438c58879e33a3817114_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: af82cb68b922438c58879e33a3817114_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: af82cb68b922438c58879e33a3817114_JaffaCakes118
Size: 43KB
MD5: af82cb68b922438c58879e33a3817114
SHA1: 864add8733c586e8436b1cae19ec4cd317489cfb
SHA256: 4e3360a1287e3f4450c5d5a2b4ec2a8639c60004eaf7e9e27fc6e6001d8c9486
SHA512: b4967171486bd345a01ebb08f61574a839034358ff0245a71aa5c164576e76a6e8a981699c85eedb83df76d08b70c02c91c2c3bf1c352fb79e18411ac17bc93f
SSDEEP: 768:ESExDBW9BtcAPJkvJacJDUqtto5nMGc21U22PoQTXlf0W0dKUWQ5n:sBW75P2JaciYo5nMF2ULPoQTXB0nNWQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource af82cb68b922438c58879e33a3817114_JaffaCakes118
Files
af82cb68b922438c58879e33a3817114_JaffaCakes118.exe windows:4 windows x86 arch:x86
34263a2b5d038b51e23a8aa76c927424
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetProcAddress
ReadFile
VirtualFree
SetLastError
GetFileSize
ReadProcessMemory
WaitForMultipleObjects
lstrlenW
FindFirstFileW
GlobalAlloc
WriteFile
MoveFileW
GlobalDeleteAtom
GetUserDefaultLangID
DeleteFileW
GlobalAddAtomW
GlobalFree
InterlockedDecrement
SetEvent
SetFilePointer
GetModuleFileNameW
WaitForSingleObject
FreeResource
WritePrivateProfileStringW
FindClose
LoadLibraryA
LoadResource
SetEndOfFile
FindNextChangeNotification
GetCurrentProcess
CreateFileW
FindResourceW
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE