Static task
static1
Behavioral task
behavioral1
Sample
debd3fbe99e26ef01355c19ef4cbb1e8_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
debd3fbe99e26ef01355c19ef4cbb1e8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
debd3fbe99e26ef01355c19ef4cbb1e8_JaffaCakes118
Size
364KB
MD5
debd3fbe99e26ef01355c19ef4cbb1e8
SHA1
699e5ea9aca942841813073b7603c7c085251437
SHA256
3391c18d3d63ff048a1158a4347035ad597b428e1e38e9167e3fe9aff776018b
SHA512
cad41681cf878b7107e1a5952ee4f2a601337f050fd51c3af72c80443357c810e3807062ad36c0a18791dc9cdfe9fd5c2a367eeddcc44bb5a4bd663192f9947f
SSDEEP
6144:rsL+ZlI8z7SHlHTG9rFi3eE2nRRLX/yOS/GkCAXXYoOvLVpR3v/iTpVHl2n:rs+tmlHOKd2RROO4GkCVoOx/3niTbHcn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource debd3fbe99e26ef01355c19ef4cbb1e8_JaffaCakes118
Files
debd3fbe99e26ef01355c19ef4cbb1e8_JaffaCakes118.exe windows:4 windows x86 arch:x86
02ef16395a1134cb42944b61430f0efc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalLock
ExitProcess
SetFileApisToANSI
VirtualQuery
GetSystemDirectoryA
GetSystemTime
GetLastError
VirtualProtect
SetEvent
VirtualFreeEx
ReleaseMutex
GetEnvironmentStrings
GetModuleHandleA
GetProcAddress
ResetEvent
OpenMutexA
GetModuleFileNameA
IsBadCodePtr
LeaveCriticalSection
user32
EnumThreadWindows
MoveWindow
CloseWindow
gdi32
DeleteObject
advapi32
CopySid
AddAce
ole32
CoUninitialize
psapi
GetWsChanges
msvfw32
ICInfo
avifil32
AVIStreamCreate
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 308KB - Virtual size: 650KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ