149ff4e0479a0ff943ee11ebe5c8a515_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

149ff4e0479a0ff943ee11ebe5c8a515_JaffaCakes118
Size

304KB
MD5

149ff4e0479a0ff943ee11ebe5c8a515
SHA1

8fd15776862c71dd434b5efaf44736ec3dc68afa
SHA256

a0c9a4655646965da3df018357fc6dbbff3840b4e4622fbcc71cbe7669b3ad5c
SHA512

7afe9091958fc46647a9a852e10ac1b65d84f1339f8fbda886fcf7df6b5a9558f5f7a9b60fb3839159090da345d40573624a3920f1576f9ef56d639a2a486ba6
SSDEEP

6144:KxOJX12g24MrlYgRYD+b7V2vZEEuRTS+XhFqUry3QyTVzcN:KiLTMrlSQV2vZEE4BvrIQyTVz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149ff4e0479a0ff943ee11ebe5c8a515_JaffaCakes118

Files

149ff4e0479a0ff943ee11ebe5c8a515_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8d02bdbcd3db4ebf5f637c42963be3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
LoadLibraryA
SetLastError
GetTickCount
DeleteFileW
Sleep
GetStartupInfoA
GlobalFree
GetFileAttributesA
CloseHandle
GetProcessHeap
VirtualProtectEx
WriteConsoleA
SetLastError
CreateMutexA
CreateDirectoryW
lstrlenA
SetEvent
CreateSemaphoreA
HeapSize
CreateHardLinkW

cryptui

DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer

vdmdbg

VDMBreakThread
VDMDetectWOW
VDMGetContext
VDMGetPointer

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE