Static task
static1
Behavioral task
behavioral1
Sample
b64fcee59ccfbf7516ee7e7a706165ca_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b64fcee59ccfbf7516ee7e7a706165ca_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b64fcee59ccfbf7516ee7e7a706165ca_JaffaCakes118
Size
40KB
MD5
b64fcee59ccfbf7516ee7e7a706165ca
SHA1
f706fd22f43b2cefc1cc990cdb9fceea3c8450c5
SHA256
9cf56fb53401eb836791fa06a52e3bbe8e352ed7f37d94cf14afd0bc1235f1a0
SHA512
247e8215b9a7c6afb38d4832ffd1537629b3db77ce381ed979a7b6ce478e89d072083aa3079d75e95439be041b236a0a0481f6e4337d7c03079a9125744f0941
SSDEEP
768:GmwRkqlL/3zfb9Tq1Ia5JqOuZjds4d6P:+3zfb410OuZjd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b64fcee59ccfbf7516ee7e7a706165ca_JaffaCakes118
Files
b64fcee59ccfbf7516ee7e7a706165ca_JaffaCakes118.exe windows:4 windows x86 arch:x86
517c00aa49ad3366f17901a7fa642753
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
FindClose
SetThreadAffinityMask
SetCurrentDirectoryA
FindNextFileA
lstrcmp
VerLanguageNameA
GetConsoleScreenBufferInfo
InterlockedExchange
FindClose
VirtualAlloc
GetNumberOfConsoleFonts
CreateThread
BackupSeek
DisconnectNamedPipe
UnlockFile
SetConsoleScreenBufferSize
GetCurrentConsoleFont
GetProcessHeaps
SetCommBreak
SetConsoleCP
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
RtlLockHeap
strncat
NtDeleteFile
NtCreateFile
NtWriteFile
Sections
.text Size: 4KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WEIJUNLI Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ