04b9e7c8e1f014c450fedc6aa40e396d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04b9e7c8e1f014c450fedc6aa40e396d_JaffaCakes118
Size

767KB
MD5

04b9e7c8e1f014c450fedc6aa40e396d
SHA1

0cdd6e7005ff57df22fab7b82e4185a3355a883a
SHA256

9b236b8fcc8c35369a455a447ac654801a015158ad50a49add822dc163dafe7a
SHA512

54cdb5ca6947e932e72f90888551cddf1538cef9cfc2548f5ad067d40a4ca15225274786153f10fe41179c33acb23441eeee8342f49ebd4a4cc894eb9a2c942e
SSDEEP

12288:9hHOfarPDK4Golq+WF6a2XIxdwwYRTG2pqLBgEircKfjhI2BXiNra/GJ6fLfV4fo:9wajDAdd2XIDLYRTG6qNviprhII+m/Gt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04b9e7c8e1f014c450fedc6aa40e396d_JaffaCakes118

Files

04b9e7c8e1f014c450fedc6aa40e396d_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

bf43916ebdbadfc86eac707186cad048

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
SetLastError
GetCommandLineW
GetFileSize
HeapSize
DeleteFileA
lstrlenA
RemoveDirectoryW
GetStdHandle
Sleep
GetVersion
VirtualProtectEx
LoadLibraryA
CreateFileA
SetLastError
WriteConsoleW
OpenEventW
CreateFileMappingW
CreateMutexA
HeapDestroy
ReleaseSemaphore
RemoveDirectoryW
GetStartupInfoA
CreatePipe
CreateDirectoryW

user32

DestroyMenu
IsWindow
PeekMessageA
CreateIcon
MessageBoxA
GetClassInfoA
GetWindowLongA
FindWindowA
DrawTextW
IsZoomed
GetSysColor
DestroyMenu
DispatchMessageA

feclient

FeClientInitialize
FeClientInitialize
FeClientInitialize
FeClientInitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE