b6d7ef86aaf1dcb549d0219133b51c97_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6d7ef86aaf1dcb549d0219133b51c97_JaffaCakes118
Size

24KB
MD5

b6d7ef86aaf1dcb549d0219133b51c97
SHA1

49dc3abe18635a14a20fb4b0d941dc2a3d7011c8
SHA256

f7d49ddfaaf942d59fb28d6d7f7e109fa6db36e5e7d6c1aa2186516c6b844107
SHA512

7fcb6f7c8003222c5aab6eed5664d8847db4db91479ae8c85df7c84efa4098306d2065824e1ccaddd544c6cd66ff5f3f6cb5a7e49a773326fa9f42d0819c8796
SSDEEP

768:PKCYpsPKrFC+VB3BAHV5GxJwL5bVJPRw:vYpswnnwL5a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6d7ef86aaf1dcb549d0219133b51c97_JaffaCakes118

Files

b6d7ef86aaf1dcb549d0219133b51c97_JaffaCakes118
.exe windows:1 windows x86 arch:x86

0b473a935900c05cbc527dbc69bdff82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
UnmapViewOfFile
GetFileSize
GetVersion
CreateFileMappingA
MapViewOfFile
Thread32Next
lstrcmpiA
WriteFile
OpenProcess
ExitProcess
VirtualAlloc
GetCurrentThreadId
VirtualFree
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
CreateFileA
Sleep
LoadLibraryA
ReadFile
DeleteFileA
GetProcessHeap
GetProcAddress
LoadLibraryExA
HeapAlloc
GetVolumeInformationA
GetSystemDirectoryA
lstrcat
CloseHandle

msvcrt

wcsstr
wcslen
_strnicmp

user32

wsprintfA

Sections

.code
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ