26f816e806f23122e31fa439e38a078f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26f816e806f23122e31fa439e38a078f_JaffaCakes118
Size

302KB
MD5

26f816e806f23122e31fa439e38a078f
SHA1

187044167e97158c344d2f2f04f7bbe9ebf2e42d
SHA256

8a7569a71bf3f289aa4b1df6d76e1a4558a80b857696c340990dcd70727d8807
SHA512

e232e5bd45d4f47096c451b172bcd4e786a1ace288078c4b96e7368e9423bb42c95ee18f204da3fc48608b5dadf0d3abd2dc8a53f2168a159cf1b0fd05781553
SSDEEP

3072:6Jwbe7I4LVmgh83spm0+mZLkl0lpCCf7oZuc43alOsKqZCVffepTdOBEapmnr67+:bk9L9hwRgfTfgia/t+5tpm+Ne6DZVJ2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26f816e806f23122e31fa439e38a078f_JaffaCakes118

Files

26f816e806f23122e31fa439e38a078f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

25305cea73f797488fce7a5f6a3473ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
GetPrivateProfileIntW
CloseHandle
InterlockedExchange
WaitForMultipleObjects
CloseHandle
GetDiskFreeSpaceA
GetDiskFreeSpaceA
lstrcmpiA
GetPrivateProfileSectionW
HeapCreate
OpenMutexA
SetEnvironmentVariableW
CloseHandle
GetFileAttributesA
SetFilePointer
LoadLibraryExW
CreateEventA
GetPriorityClass
CreateDirectoryW
GetModuleHandleA
GetPrivateProfileIntW
GetExitCodeThread

certmgr

DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE