Static task
static1
Behavioral task
behavioral1
Sample
0ac800e2a429a3786f646ea164877775_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0ac800e2a429a3786f646ea164877775_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
0ac800e2a429a3786f646ea164877775_JaffaCakes118
Size
59KB
MD5
0ac800e2a429a3786f646ea164877775
SHA1
655a62f744ed2b6cba7c059a494d5b25e8de3d6f
SHA256
34863a030a91b0948801311d0ec5246d1e91709f52e1cd0db4ddd00cf5ac6048
SHA512
48d728021c7555ed1cd091f51d512b8167fb62da457c16da20c8f976a0c7bc6fcd5a4ebf77c90df35b7628036b6e95be8ff56fc71cbaf566e60cabc205afeafd
SSDEEP
768:rIZU57CVvwkn25t/s9Z0Wr8MIsmuPdMIbPf0PCalLFuDMtLHCozbj8nN9QzYGH3c:rbUvH27/Y+A1P7PdMaX0aaFOCjc9sp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0ac800e2a429a3786f646ea164877775_JaffaCakes118
Files
0ac800e2a429a3786f646ea164877775_JaffaCakes118.exe windows:4 windows x86 arch:x86
340254a3bbe5e643ff83c44e5ce76ec6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
SuspendThread
CreateNamedPipeA
lstrcmpiA
lstrcmpiA
GetVolumePathNameA
IsValidLocale
lstrlenA
SetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
WaitForSingleObject
Sleep
CreateMailslotA
GetProcessHeap
lstrcmpiA
GetStdHandle
FileTimeToLocalFileTime
lstrcmpiA
GetDriveTypeW
lstrcmpiA
HeapCreate
DeleteFileA
scecli
InitializeChangeNotify
SceOpenPolicy
SceSysPrep
DeltaNotify
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 50KB - Virtual size: 49KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ