b9958ce344d3f918af227a95f2e63e21_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9958ce344d3f918af227a95f2e63e21_JaffaCakes118
Size

175KB
MD5

b9958ce344d3f918af227a95f2e63e21
SHA1

4d0be23921d8b4c7a48aa845a29d0081de9baca4
SHA256

444a8a9f40be1db242a02867af2c1d4a6cf2d6fb670bf1b68a4f53d90981ac09
SHA512

c87c5c06e4439b026119e8678a3adba93507fc296a6bde8ac57f0a38d8eea494e8f7858423fa976b96bdaac337573ec5aeb4d4da5bd00b23b9d37a944726c3d6
SSDEEP

3072:PaI7s+zgL/Mgllv7bm2G/Ro6y+F+ZwPRM8QEHMZBERpd+2Q:6+UdlFbua6VFxNxHMZBEN+2Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9958ce344d3f918af227a95f2e63e21_JaffaCakes118

Files

b9958ce344d3f918af227a95f2e63e21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbdb91dc6e719c0ca02748f467f71bb7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynW
SystemTimeToFileTime
VirtualAlloc
OpenProcess
PrivMoveFileIdentityW
WriteFile
VirtualFree
CreateFileMappingA
GetStdHandle
GetSystemTime
DuplicateHandle
CloseHandle
SetEvent
GetProcessId
ProcessIdToSessionId
GetModuleFileNameW
CreateEventA
AddAtomW
EnumResourceTypesA
CreateDirectoryW
GetUserDefaultUILanguage
GetFileAttributesW
WaitForSingleObject
GetProcAddress
ExitProcess
DeleteAtom
GetFileAttributesA
LoadLibraryExW
LoadLibraryW
CreateFileW
MoveFileW
OutputDebugStringW
UnmapViewOfFile
CreateMutexA
MapViewOfFile
LoadLibraryA
ReleaseMutex
FindAtomW

user32

MessageBoxW
LoadCursorW
GetUpdateRgn
CreateWindowExW
GetDC
GetWindowInfo
RegisterClassExW
EndDialog

oleacc

LresultFromObject

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ