d1c51a0c35315e11efabd17cc0e97e66_JaffaCakes118 | Triage

Sharing

General

Target

d1c51a0c35315e11efabd17cc0e97e66_JaffaCakes118
Size

871KB
MD5

d1c51a0c35315e11efabd17cc0e97e66
SHA1

35129f82f14729ba586fa8e608a80cb8577c08c6
SHA256

6b969e8a985ed021886e7aa01877fd3a689ee9c0c54a84cf7f2ee05d6883bd58
SHA512

39a9d91224d788864ef1a39d2305b0d087b5fbc15cbcbc4ecb1506ee835292e9c69228e4772355f75d51015d19f989cbd5341039d76c039ffcf5f88bd9685e70
SSDEEP

24576:kr0tyeExqUHd13xvgsWEMaf7O3lnmABRC0rH:k7RxLLlgswailm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c51a0c35315e11efabd17cc0e97e66_JaffaCakes118

Files

d1c51a0c35315e11efabd17cc0e97e66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

819e5d9b8ccbaf765953e16808341b38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
IsDebuggerPresent
SuspendThread
TlsGetValue
ResumeThread
lstrlenA
DeviceIoControl
TlsAlloc
GetACP
GetDriveTypeA
CancelIo
HeapCreate
GetStartupInfoA
IsBadStringPtrA
PulseEvent
GetModuleHandleA
DeleteFileA
CreateFileMappingA
CreateFileA
GetModuleFileNameA

user32

GetWindowLongA
FindWindowW
IsZoomed
DestroyWindow
DrawTextW
DispatchMessageA
LoadImageA
DestroyMenu
PeekMessageA
CallWindowProcW
DispatchMessageA
IsWindow
GetIconInfo

amstream

DllRegisterServer
DllRegisterServer
DllRegisterServer
DllRegisterServer

cryptui

LocalEnroll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ