309ed2a5c5b679a3ed6b70e0f3a22573_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

309ed2a5c5b679a3ed6b70e0f3a22573_JaffaCakes118
Size

769KB
MD5

309ed2a5c5b679a3ed6b70e0f3a22573
SHA1

eb2d4dd0de61a2af269bccd7af51dd75a02c326a
SHA256

d291e8bfea287e74bbb760b231291784bf1b0c5db3b8bf39c84dba83c7b82b2b
SHA512

7e27c9d862dc703586eb383a6a222eb815a166af1b420a6a2c163942e3ff8aab933a6a799a3f285a1c925773a1498973392375da47560a366143f2aaaf6e51b5
SSDEEP

12288:JonJeHnqDyugigP+6tTw4jK9Bnzzc85pBvKFJjJpJpmIXF6oNvxN/ats3rfRWm2f:TbimtTNKHcwAJjJUIcoFLy637R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309ed2a5c5b679a3ed6b70e0f3a22573_JaffaCakes118

Files

309ed2a5c5b679a3ed6b70e0f3a22573_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ea3af1a50093cc5597d56cd6ed8fc75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
CreateFileA
CreateFileMappingW
GetDriveTypeA
CreateDirectoryW
GetModuleHandleA
RemoveDirectoryA
FindClose
ResetEvent
GetFileType
VirtualProtect
ReleaseMutex
HeapFree
RemoveDirectoryA
Beep
lstrlenA
OpenEventA
WriteFile
FindClose
GetTickCount
GetCommandLineA
WriteConsoleW
SetStdHandle
ReleaseSemaphore
DeleteFileA

user32

PeekMessageA
GetWindowLongA
DestroyMenu
DestroyMenu
GetClassInfoA
DispatchMessageA
CreateIcon
MessageBoxA
GetSysColor
FindWindowA
IsZoomed
DrawTextW
IsWindow

dmloader

DllGetClassObject
DllGetClassObject
DllGetClassObject
DllGetClassObject

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ