faa9658caa0c772774ccd0d2660b499e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faa9658caa0c772774ccd0d2660b499e_JaffaCakes118
Size

51KB
MD5

faa9658caa0c772774ccd0d2660b499e
SHA1

31e58a02026a90b1f0b5d73f58b0e1be7388569e
SHA256

c97205cbfe42bdcfa79df3a5cc7e806ae65623fd28c5aa064afc97264682c371
SHA512

bec739727eb61e5bab24cf2d9d22387cadbc269b376c6adf476bc143f8f29abe7c2bc755cf4ed0c0b5abcc312226dfabccf44fbbb217643a27ebb66fb97e9db9
SSDEEP

768:o6x0m2oKwCd9qYvQePwK+plIiau8I7DyA6BWgbxAEx4:fSoRAzzwKXkn6B3NAEx4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faa9658caa0c772774ccd0d2660b499e_JaffaCakes118

Files

faa9658caa0c772774ccd0d2660b499e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef910b60e9276f265f65e61c1da58f4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

d3d9

Direct3DCreate9

user32

EnumWindows

shell32

SHGetFolderPathA

shlwapi

PathRemoveFileSpecA

Sections

.MPRESS1
Size: 23KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE