dd3946d4c465d6a71e9498562c855722_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd3946d4c465d6a71e9498562c855722_JaffaCakes118
Size

27KB
MD5

dd3946d4c465d6a71e9498562c855722
SHA1

c290fb9bb56f046c14add4a14942856e336eaa4b
SHA256

4f841497df01898cf14860a1286d932329aa4a8d969fda2c8d0b2ec1d38cf09e
SHA512

8e86c1062d64e23f2d9e9ce7270e3dcdb2400fa56f1b97228e4a0e25b8a90a8c69eaf395d387c1aba4c5f124cdaf28acc457659d8b4eaeeea2226dd2c08b65dc
SSDEEP

384:bSiQugIc/GR3Pn+Z9fjitpOG9fmLGBps2wiYqafJaOZqDDIQYpvNFYo/Wnl7cor:b0FJGRM9fjitoGTBpJwiYqeaOisu7nNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd3946d4c465d6a71e9498562c855722_JaffaCakes118

Files

dd3946d4c465d6a71e9498562c855722_JaffaCakes118
.exe windows:4 windows x86 arch:x86

302bcd7466accb7bbbfbff8b5292e477

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
OpenMutexW
CreateMutexW
CreateFileA
GetProcessHeap
GetFileSize
HeapAlloc
ReadFile
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
CreateDirectoryA
HeapFree
GetSystemDirectoryA
WriteFile
GetFileTime
SetFileTime
CreateProcessA
DeleteFileA
GetSystemDirectoryW
CopyFileW
DeleteFileW
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetCurrentThread
SetProcessPriorityBoost

msvcrt

memset
strstr
memcpy
_strrev
wcscpy
wcscat

shell32

SHChangeNotify
ShellExecuteExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE