d6848542772bfc0b6197e2aad3eb017e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6848542772bfc0b6197e2aad3eb017e_JaffaCakes118
Size

492KB
MD5

d6848542772bfc0b6197e2aad3eb017e
SHA1

1b3341ccaf3f150a6f2578ee775fba18929cfb6e
SHA256

fb6c59095576e6d8240b0a611e44d2ca5efe1c95edf5a464fc3a184f6c2c6fc3
SHA512

0054629bb05ff059e21344b75e6214f5afb29d4906495717d0816be2bfe69b23640eebed872692813cca2aad6a6c0a2ac1c4d0d12d45626b7353fdad1cbce2e6
SSDEEP

6144:C6G6h17a4hib4j8jf51Qx7O6bcLehsEwkoK/6ERdFQJdlMu6lb/01apjbV6m8lL:nj+x4ojf51aTcK0NEQUd0op3QlL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6848542772bfc0b6197e2aad3eb017e_JaffaCakes118

Files

d6848542772bfc0b6197e2aad3eb017e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36587b51e87fa88159162ff889a78303

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetPrivateProfileStringW
FindClose
SetEvent
ReadFile
CreateMailslotA
SetLastError
GetCurrentThreadId
EnterCriticalSection
GetDriveTypeW
GetConsoleAliasW
SuspendThread
EnumCalendarInfoW
LocalFree
GetModuleFileNameA
FindAtomW
GetCurrentProcessId
GlobalFree
HeapCreate
GetModuleHandleA

user32

DispatchMessageA
GetSysColor
GetClassInfoA
SetFocus
GetKeyState
IsWindow
DrawTextW
GetCursorInfo
GetClientRect
CallWindowProcW
GetMenuInfo
GetKeyboardType
DispatchMessageA

avicap32

videoThunk32
videoThunk32
videoThunk32
videoThunk32
videoThunk32

desk.cpl

DeskSetCurrentScheme

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ