ffc602c5c77092dec4505b8896003b9e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffc602c5c77092dec4505b8896003b9e_JaffaCakes118
Size

162KB
MD5

ffc602c5c77092dec4505b8896003b9e
SHA1

948f41d50604c476c03dec0b5a6e29d5f18b4951
SHA256

5852706aad3eb6b6bc8864d25a4ee9865533b0309fa1b1cc49272732ae3bff0b
SHA512

a4ca9124371d307e28909ddc3b6ebb4fdece46e0e953de3eef8bcbdf253dc04bffefb9d5daee24cd81e08340913028abb4379939c4305f695af9b5dfdaac3a01
SSDEEP

3072:Xd5m3jhy0b0Egrp/dqk+Enfhe/vwUzLNc7:QjY0n0/UkPfOvwqNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffc602c5c77092dec4505b8896003b9e_JaffaCakes118

Files

ffc602c5c77092dec4505b8896003b9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82f2b44eb2929938329b5c18caff8422

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

user32

EnumDisplaySettingsW

shell32

ShellExecuteW

kernel32

ReplaceFileW
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoW
IsDebuggerPresent
GetProcessId
GetSystemTimeAsFileTime
Sleep
TerminateProcess
GetCurrentThreadId
EnumResourceTypesA
ExitProcess
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
GetTickCount
GetCurrentProcess

clusapi

CloseCluster

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ