dcff9a9174017b633a4e5d7c73171754_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcff9a9174017b633a4e5d7c73171754_JaffaCakes118
Size

621KB
MD5

dcff9a9174017b633a4e5d7c73171754
SHA1

13887b2b66e60edb7d86900e4da898562f41b5d6
SHA256

c747dd2127dabf9bc5f3be8e92f876cc4e5c7b1ca5cbda3981f8db777adb8bfb
SHA512

2cf2465b9d9092c01219e00af217695585e794359f7a75016e374d52feecb0d791c1029989d628411c4c3fc579827c123e0baefeb9f976a75271f9efb50f8821
SSDEEP

12288:d0jhw51alVGuAODM6qDy9CSl7zsf7MQduWQTl9U3I0/FgeoDmf5uFL10tV:eVwaDpqD4BVim3DmfOh0tV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/047530687534-5578-Nr.com

Files

dcff9a9174017b633a4e5d7c73171754_JaffaCakes118
.zip
047530687534-5578-Nr.com
.exe windows:5 windows x86 arch:x86

6780ce4944e66311213167035ae008dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

Extend
Recover

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerW
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ