1297e8c7981c66469242d26635c5b517_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1297e8c7981c66469242d26635c5b517_JaffaCakes118
Size

63KB
MD5

1297e8c7981c66469242d26635c5b517
SHA1

e2e24d4af856661780c02879ffeb8c97a5f125e6
SHA256

422919c7fc57a1faa90ee665a1487e2fcb4ed1a9c26675a0428cbf65b2d593d4
SHA512

d2fab3ad35ab5c41069a57ef9dafe99fdaab9f9f1bc3c2308209e32f9472169cedca3352b4fc0458b313be10f89ddcfc4be555adafd8725d5e4e0de4ef9868a3
SSDEEP

1536:zw6JqUWDmJuTFOfKKgP8zY9KiqJwvGnsi2L:zwGqxDmJwFMK5UQdwsLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1297e8c7981c66469242d26635c5b517_JaffaCakes118

Files

1297e8c7981c66469242d26635c5b517_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4b6b522c25f46f7519a4876757c7ab9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetStringTypeA
CreateSemaphoreA
GetVolumePathNameW
FindClose
GetFullPathNameW
CreateEventA
GetModuleHandleA
GetCurrentDirectoryW
HeapCreate
GetModuleHandleW
FindClose
SetVolumeLabelA
CopyFileA
GetConsoleMode
FindClose
ReadConsoleW
GetEnvironmentVariableW
CreateFileMappingA
VirtualFree
GetFullPathNameW
FindNextVolumeW
Sleep

dbghelp

ImageRvaToSection
FindFileInPath
ImageRvaToVa
ImageNtHeader

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RES
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avdr
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ