bf97fbfc0fb524431a0380654dc52666_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf97fbfc0fb524431a0380654dc52666_JaffaCakes118
Size

280KB
MD5

bf97fbfc0fb524431a0380654dc52666
SHA1

5e004e919c7740c1ed16b73b51c968689582a755
SHA256

6ed1371dfeb8ee8c54c36acbd687c47aea75a32fcdcf0a8b33c12f581facb97a
SHA512

be8f84762bbec4c78add2e222c163ed46b0099561c32ef7cc7a248772849a3d55db6be4c4653e266b673f1c0447954e8019162835fc94b8e909abcde9c408925
SSDEEP

6144:JCGaUeTtovTdiXL0kYeO2Wv+Y92kFJp47NWhDo3:cGaUeWrdLwW+YMkHMqE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf97fbfc0fb524431a0380654dc52666_JaffaCakes118

Files

bf97fbfc0fb524431a0380654dc52666_JaffaCakes118
.exe windows:4 windows x86 arch:x86

486a90a019bba85a7272e67dceb64b78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetEnvironmentVariableA
ReleaseMutex
GetCurrentThreadId
GetCurrentProcessId
GetFileSize
WriteFile
DeleteAtom
CreateFileMappingA
HeapAlloc
GetProcessHeap
HeapFree
DeleteFileA
GetTickCount

ole32

OleUninitialize

winmm

timeKillEvent

shlwapi

SHDeleteKeyA

user32

wsprintfA

advapi32

RegCloseKey

msvcrt

memcpy
free

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 974B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ