d2c39e01fb4735306e647a61e257f179_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2c39e01fb4735306e647a61e257f179_JaffaCakes118
Size

60KB
MD5

d2c39e01fb4735306e647a61e257f179
SHA1

bf2442ab7e6e73dedba09b359e8d02f1a77adb89
SHA256

c9877949c282ce603a6228790f4c3d376f2e844a819e04f8f16a4d683d522629
SHA512

8944dd182305604c9741db06c1f50281492eb3bdbc368e58a1d98fc84862b694123517ba575c200403c647e94cbe39cc61a54330aa5c924e364b08788136e33d
SSDEEP

768:dOKpQbLcscg3AxN9UNjVB4LZ7pFtj5HUk5mHEsYL8a7M1pM2Txd3iUOcxQ6cUG2S:UKmElguqQZ7TvbjLri90NX2xTcoO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2c39e01fb4735306e647a61e257f179_JaffaCakes118

Files

d2c39e01fb4735306e647a61e257f179_JaffaCakes118
.exe windows:4 windows x86 arch:x86

023e831df173a19d3ed2b635286ea1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
SetFilePointerEx

user32

ReleaseDC
RegisterDeviceNotificationA
RegisterDeviceNotificationW
RemovePropW
ScrollDC
RegisterWindowMessageA

advapi32

SetFileSecurityA
InitiateSystemShutdownExW

Exports

Exports

WzzCtfq
WzzEab
WzzFj
WzzHh
WzzMz
WzzNlko
WzzOaldi
WzzQynbk
WzzReu
WzzUur
WzzWst
WzzXyaox

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE