b49e673bdb378ff034629ff8ff93630b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b49e673bdb378ff034629ff8ff93630b_JaffaCakes118
Size

313KB
MD5

b49e673bdb378ff034629ff8ff93630b
SHA1

e79afd6def7253c0fb834fc6f98a37ffb574ca69
SHA256

e31cb923d0271cdfad73e314bac598986ef38937f37b4b86d118da55a6361c0d
SHA512

3bc7eb7441918b01d33fc641394e315a409d2096abe2893edf8d20aada7d0644616949489a6b99135c968d0da1a9d1e3b6a270b51695ebf9a0a18cff4d9e5e5e
SSDEEP

6144:ByxqIY8Z7FbLaDoD2Rsn7GUi4PRnZTiBqigS/RwfrhcbHT:ByqH8jbOsr7OunZTNM/RwfrWj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b49e673bdb378ff034629ff8ff93630b_JaffaCakes118

Files

b49e673bdb378ff034629ff8ff93630b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c4341d7711e7b801c6d749bac8d5f279

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
GetLastError
FileTimeToLocalFileTime
CloseHandle
VirtualFree
GetProcAddress
CreateFileA
GetSystemDirectoryA
GetProcessHeap
GetModuleHandleA
GetFileSize
VirtualAlloc

user32

MoveWindow

netapi32

NetDfsRemoveFtRootForced

avifil32

AVISaveOptions
AVISaveOptionsFree

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 647KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xvda
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE