df0676694a9e84a7551b10d1446d85a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df0676694a9e84a7551b10d1446d85a7_JaffaCakes118
Size

175KB
MD5

df0676694a9e84a7551b10d1446d85a7
SHA1

93174f1015e5240ed13f6d71b25330a637b28e56
SHA256

454243e40081f0e347ea3f67b125c374ae12e4937b87879a25eadb658795c55d
SHA512

bb50568ba18ee82a87898d0596ee7604d885725dd128fb3e4645a4704ca81fd75619dc15a1485d4e3633805df15544d59d5a298bf2d73aafdb992eb360262dd5
SSDEEP

3072:0CiZ4uJ+Rm+FkWoFllg/5ZBkDz1nOguz4tcjXuVyXt2V+I:l7VPFiK/5vk/1Ob80Xt2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df0676694a9e84a7551b10d1446d85a7_JaffaCakes118

Files

df0676694a9e84a7551b10d1446d85a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8dd2e7ea5f2a8c847b29804db08e8d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadResource
FileTimeToSystemTime
ConvertFiberToThread
GetCurrentProcess
LocalAlloc
FindFirstFileW
SetThreadIdealProcessor
LocalFileTimeToFileTime
IsBadReadPtr
FreeLibrary
SystemTimeToFileTime
FileTimeToLocalFileTime
SetEnvironmentVariableW
LocalFree
CompareStringA
FindClose
EnumResourceNamesW
RegisterWaitForSingleObject
GetSystemDirectoryW
GetStringTypeW
SetCurrentDirectoryW
GetShortPathNameW
FindNextFileW
FindResourceW
GetOEMCP
GetLocalTime
SetErrorMode
LCMapStringW
SearchPathW

user32

IsWindowEnabled
ReleaseCapture
ValidateRgn
IsWindow
DestroyWindow
InvalidateRgn
FlashWindow
ExcludeUpdateRgn
ValidateRect
SetCapture
EnableWindow
UpdateWindow
RealGetWindowClassA
GetCapture
GetUpdateRgn

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imul
Size: 512B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ