11c01e4d73fcd0cc42a7f9fb3980c215_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11c01e4d73fcd0cc42a7f9fb3980c215_JaffaCakes118
Size

750KB
MD5

11c01e4d73fcd0cc42a7f9fb3980c215
SHA1

03ecb4021ec2b353724ba0783162dfd033143e6d
SHA256

b5bcf8caded8c5865c9564ef7fea2fe12955e9bf73b6c22816015a73d60b8f7b
SHA512

798b98ef763cbdde606ecaea1e782f306b82649a50f794ee5aa2d36ee72b682eb4fd7dd4b2dad80203f79dbe3083f418f8d498cbcd6928bb5d96e3669edf4abf
SSDEEP

12288:Rr4/vs6Dh2pa+sR0BCHxsIQ8StnKF1Bu86YzLH3PkWCei9WJaQtlMsCn5S2oI:Rr4Lhoa3HHlWnKPJH3cIhO56I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11c01e4d73fcd0cc42a7f9fb3980c215_JaffaCakes118

Files

11c01e4d73fcd0cc42a7f9fb3980c215_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a2a42f85455cd8d37cb486f3145af30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
FindClose
ExitThread
HeapFree
CreateDirectoryA
GetCommandLineA
FindAtomA
GetFileType
WriteFile
GetVersion
VirtualProtectEx
IsBadCodePtr
CreateEventA
GetSystemTime
SetEvent
CreateMailslotA
WriteConsoleW
SetVolumeLabelW
lstrlenA
FindClose
GetModuleHandleA
ReleaseMutex
ResetEvent
RemoveDirectoryA
SetStdHandle

clbcatq

CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup

rasmxs

DeviceEnum
DeviceEnum
DeviceEnum
DeviceEnum

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ