d373cf1ffc4cce6f43c92ebacd4fc9f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d373cf1ffc4cce6f43c92ebacd4fc9f3_JaffaCakes118
Size

319KB
MD5

d373cf1ffc4cce6f43c92ebacd4fc9f3
SHA1

769a7f1e6f7e9c6526574625eddf02c236143599
SHA256

8e08494fdc52e02be7b78ad6682f5c980b971f8395ebba73a4d1917fc95739de
SHA512

13975fcdfe1b8a22907005b302b061fb511a2a482547bcbeabea9e97302d4f576426f0fe5ea02b45495cb3665e98725934191a8b50f34f2e8b0c4979100c2d0e
SSDEEP

6144:EqLLug4F/FF95/g/J/9qYEsjJuzcmm06fUdNNpZ9aJEzQdJj7:Ex1Z5/g/J/sPNYN0EUHWEsL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d373cf1ffc4cce6f43c92ebacd4fc9f3_JaffaCakes118

Files

d373cf1ffc4cce6f43c92ebacd4fc9f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

597319b952f0148d1d5d2796fa2feb24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualLock
FileTimeToLocalFileTime
GetModuleHandleA
GetCurrentThreadId
CreateSemaphoreA
VirtualAlloc
GetProcAddress
lstrcatA
DeleteTimerQueue

user32

SendMessageA
LoadIconA
PostMessageA
DispatchMessageA
IsWindowUnicode

gdi32

GetPixel

ole32

CoInitialize

netapi32

NetDfsAddFtRoot

psapi

EnumProcessModules

avifil32

AVIMakeFileFromStreams

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 4KB - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE