1665af3b64e6fef5bdcc4059a64c2bd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1665af3b64e6fef5bdcc4059a64c2bd2_JaffaCakes118
Size

305KB
MD5

1665af3b64e6fef5bdcc4059a64c2bd2
SHA1

a4fe5d74d307a2d4330588d5f74268322d92278b
SHA256

79ebc246d69dac775d259ae6aa7bd85b49d8b2d871ac32627a7c42de1ba14b60
SHA512

002ee8d0de4039c8c6df6b0cae146de5b4a02196ec59685d1b82132ef1b70d6d1c8b3f4c650137c82ab94db28c956406764d62d2ba7d22ba23bcca7188c452ac
SSDEEP

6144:EiV+pJ9XnF6L7+XOp8f5gEIHUWzzTrF7/J4Qz6MmiWicojK4VZdHLd3g:NVwHFbOE8LpR4HtDojK4prd3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1665af3b64e6fef5bdcc4059a64c2bd2_JaffaCakes118

Files

1665af3b64e6fef5bdcc4059a64c2bd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fb02193cab00f280e8fe5188450b30b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
InitializeCriticalSection
ReleaseMutex
SuspendThread
GetStartupInfoW
HeapDestroy
CreateMutexW
GetModuleHandleA
ResetEvent
GetProfileIntW
GetFileSize
AddAtomA
CreateFileA
WaitForSingleObject
GetCurrentDirectoryA
DeleteFileA
CloseHandle
GetEnvironmentVariableA
HeapCreate
FindClose
HeapSize
GetTickCount
SetEndOfFile
SetLastError
ExitProcess

shell32

SHFree
DragFinish
ShellMessageBoxA
DragQueryFileA
DuplicateIcon
StrChrA
SHGetMalloc
DragAcceptFiles
DllUnregisterServer
ExtractIconA
SHGetDiskFreeSpaceA
ShellAboutA
SHGetSettings

dpmodemx

SPInit
SPInit
SPInit
SPInit

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ