170d38305fe170185d9889c3da90cbd3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

170d38305fe170185d9889c3da90cbd3_JaffaCakes118
Size

880KB
MD5

170d38305fe170185d9889c3da90cbd3
SHA1

154ff2f8aaa98ce17b5c769c745e5441ec0fae3d
SHA256

a86f94fd15d9f94eaaf2f47d9beb03d474b5e2461cfe1432cabf80d33d1b66ec
SHA512

38566a86aaed38a95841f3f29f6301999bb39903f3ea9f6ce40ea38d7907b49fae0d08889f65b0e52eab8a17a41628f95c715d4672d97f2941bdabb3c0377df8
SSDEEP

12288:taIRGFzyNnv7/LDOnB2RLvlGYkKA9jilw3gj+HpdtukkPzHxbojac:tLsUbLynoRq9Wlw3VztuJjxMac

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170d38305fe170185d9889c3da90cbd3_JaffaCakes118

Files

170d38305fe170185d9889c3da90cbd3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b6fd85ec1e5f45dd2921664ed162acd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenA
ReleaseMutex
HeapCreate
SetEvent
DeleteFileA
CloseHandle
HeapDestroy
GetConsoleAliasA
CreateFileMappingW
GetStartupInfoA
GetModuleHandleA
TlsAlloc
GetModuleFileNameW
GetDriveTypeA
DeviceIoControl
CreateFileW
IsDebuggerPresent
GetCommandLineA
CloseHandle

user32

DispatchMessageA
FindWindowW
DestroyWindow
IsWindow
GetIconInfo
LoadImageA
CallWindowProcW
IsZoomed
GetWindowLongA
DestroyMenu
DispatchMessageA
DrawTextW
PeekMessageA

devenum

DllRegisterServer
DllRegisterServer
DllRegisterServer
DllRegisterServer

rasapi32

DwCloneEntry

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ