d329240e1dc559ce5afe83722c98a466_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d329240e1dc559ce5afe83722c98a466_JaffaCakes118
Size

16KB
MD5

d329240e1dc559ce5afe83722c98a466
SHA1

a6d05c822f5790e9ac27534087b4428bad32c702
SHA256

1d2583479b914a34bafb66ec592388b6ad96dafe4bf7b68250ad8daf4770d07e
SHA512

26eb31f500080462aa0555c86ff83bbcc0a68c352fefe20e393e42b109d56da1be99d121c13ef74bdf6d09023e2ae2c03b6c67011bc2c6e0e49778895d983f82
SSDEEP

96:Tsk9xAPA8CF0XX+MSv8PPgGAXjQj0d6MUitA1e2wX00E4/h:x9xaX+M/4Ljg0IM/XhT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d329240e1dc559ce5afe83722c98a466_JaffaCakes118

Files

d329240e1dc559ce5afe83722c98a466_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cbe277e22b46ec4b15df82f397829d45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoCreateInstance

kernel32

VirtualFree
FindClose
FindNextFileW
FindFirstFileW
VirtualAlloc
GetDriveTypeW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
Process32NextW
SetFilePointer
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetModuleFileNameW
GetModuleHandleW
GetLastError
CreateMutexW
CreateThread
GetTickCount

user32

wsprintfW
RegisterClassW
LoadIconW
MessageBoxW
LoadCursorW

gdi32

GetStockObject

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE