f0c8617b6db3b020a0167df0d0a6b998_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0c8617b6db3b020a0167df0d0a6b998_JaffaCakes118
Size

180KB
MD5

f0c8617b6db3b020a0167df0d0a6b998
SHA1

ab1b4e0a0ebfd9aad9253da88dcc7301c31655eb
SHA256

0b0191659b07d7d497aa132ff48c957ff163cb7a023336bceee707aea0917993
SHA512

8aa41c8adfe8a621deee613f4ddfb2b09906cb4fe4b99075beefde6b370c0f43db5d7074322479e0ef1f142f3a8513a777adfafef6fcfd9f352b981f6579c4b8
SSDEEP

3072:aQGB4XoMphbpW0y/RRqKM4x4QiyqhBYJOMaJX5M+9m3/cT6PVH9HcZqp7G:aQGjiFy5Rqcps8Oz5M+2UTErAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0c8617b6db3b020a0167df0d0a6b998_JaffaCakes118

Files

f0c8617b6db3b020a0167df0d0a6b998_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f327e0b9a44ac9fef5a2e20549c76c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

LresultFromObject

kernel32

PrivMoveFileIdentityW
AddAtomW
GetProcessId
MapViewOfFile
EnumResourceTypesA
ExitProcess
DeleteAtom
CreateFileMappingA
ProcessIdToSessionId

user32

GetWindowInfo
CreateWindowExW
GetUpdateRgn
EndDialog

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ