3028bd189e2a3ced14316ce6499f0f00_JaffaCakes118 | Triage

Sharing

General

Target

3028bd189e2a3ced14316ce6499f0f00_JaffaCakes118
Size

58KB
MD5

3028bd189e2a3ced14316ce6499f0f00
SHA1

bfcaa152a6511af31b7af615a456124a4b476805
SHA256

4f439bc2f8a44cd6415648379c75e7fd35018ff84fcd636292b0f0b267651bfb
SHA512

c5059d381cef5e75f5f51c1b5c4018459b42561ba25d92e0ddb938863a7cb3cbb0a1948d81c1f5a02c56542d5e1885e1ac4b2d8641ed8388858b74849e976ea6
SSDEEP

1536:BLXSuQi7y08000YFOr2akkbeSBglsw0wmZD:BLGQ/0+rNkkbnBglE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3028bd189e2a3ced14316ce6499f0f00_JaffaCakes118

Files

3028bd189e2a3ced14316ce6499f0f00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

034a4e8af70467366fb71302bb0178ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FileTimeToLocalFileTime
GetStdHandle
Sleep
lstrlenA
lstrcmpiA
WaitForMultipleObjects
GetVolumePathNameW
DeleteFileA
GetLogicalDriveStringsW
SetLastError
IsValidLocale
CreateNamedPipeW
GetModuleHandleA
OpenMutexA
lstrcmpiA
GetProcessHeap
lstrcmpiA
CreateMailslotA
lstrcmpiA
lstrcmpiA
GetDriveTypeW
HeapCreate

scecli

DeltaNotify
SceOpenPolicy
SceSysPrep
InitializeChangeNotify

Sections

.text
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ