2d295db8606ddc003011af5fbff1b4f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d295db8606ddc003011af5fbff1b4f0_JaffaCakes118
Size

306KB
MD5

2d295db8606ddc003011af5fbff1b4f0
SHA1

3456a568049a2298d806d2836faa5764a89a7369
SHA256

6457325eea5debf09c0d091ed868946e7714de3939dc7095385b8f9aa0367008
SHA512

33a1e811546ec835d33768f908a1a35c498ef5a0ad16044fcaae292c30431ad71140e624c627364dd559306a85d4d7f6804a256490132fc946fb7ddf62073387
SSDEEP

6144:KDqz/LFQpFjlbBp2sEJ0Ue+25BrTw8P7nuUL:KDqDBihp2bJY+2frnP7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d295db8606ddc003011af5fbff1b4f0_JaffaCakes118

Files

2d295db8606ddc003011af5fbff1b4f0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65344099441b1739fa866c5c8d63254e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
GetModuleHandleW
OpenMutexW
GetFullPathNameA
GetModuleHandleA
WaitForMultipleObjects
FindFirstVolumeA
GetFullPathNameA
GetConsoleMode
GetStringTypeA
HeapCreate
GetCurrentDirectoryA
ReadConsoleA
CloseHandle
GetVolumePathNameA
CloseHandle
GetEnvironmentVariableW
CreateSemaphoreA
CloseHandle
ReleaseSemaphore
FindNextVolumeA
GetDiskFreeSpaceW
GetFileAttributesW

certmgr

DllUnregisterServer
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.pack
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE