f564ec70f3064c96b1ba2412eb8202a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f564ec70f3064c96b1ba2412eb8202a9_JaffaCakes118
Size

365KB
MD5

f564ec70f3064c96b1ba2412eb8202a9
SHA1

34d67aef9876f83427889daccdee2ae6ef4fc248
SHA256

d999048f67de8d3fc6160b3b60d7d700d7d341625ba08efe105d59ed8e0adac9
SHA512

41a01f3d7ca0d3fe6d15b786e133d7abc34cae4278b272fa7d7945edfd3d7fd2640aac4c73aa975be0658cff62ef4b7de979c12a49e14fa2ff2650a044c1f0ca
SSDEEP

6144:F+KNWOXPOumOhnHDAiUNfNAxOZ/kxjXrpRaPz6PcSTGtNFEQuZxJC:F/hhxDrUYxOZ/kxj7pRizAcCGPFEQAI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f564ec70f3064c96b1ba2412eb8202a9_JaffaCakes118

Files

f564ec70f3064c96b1ba2412eb8202a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe9b3a404d56e2bd1d5683fe19afea58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetTickCount
GetExitCodeProcess
Sleep
CloseHandle
GetDiskFreeSpaceExW
CreateMutexA
DeleteCriticalSection
LoadLibraryExA
TlsGetValue
FindClose
GetModuleHandleA
EnumResourceTypesA
VirtualProtect
GetDriveTypeA
GetComputerNameA
GetCommandLineA
FreeConsole
ReleaseMutex
SetLastError

shell32

SHGetDiskFreeSpaceA
SHGetNewLinkInfo
DragQueryFileA
ShellMessageBoxA
SHGetMalloc
ShellAboutA
DragAcceptFiles
SHFree
StrChrA
DragFinish
SHGetSettings
DllUnregisterServer
SheChangeDirA

msports

ComDBClaimPort
ComDBOpen
ComDBClose
ComDBReleasePort
PortsClassInstaller

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ