3715745a86654b8e8c4e02e82fd728d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3715745a86654b8e8c4e02e82fd728d0_JaffaCakes118
Size

400KB
MD5

3715745a86654b8e8c4e02e82fd728d0
SHA1

0aa60460d1d3be2176d1be4ef1bf3a56395e5aec
SHA256

05e0a031c02e17b9af7980d107f6c8357ab6af2e7cd21ddab7e41dff6e7180cd
SHA512

116e31d1575032ef892a8668abd11152bc50b4c37f837095e7db4663c8a819ef634fdad1858d7592054a24588411626f35ba7f6b095faf5ccf5145f6d241a1b3
SSDEEP

6144:Mgco2dBEJvtTPsYrcyQJgPTc3Tv7zK367AV2:MgWdBEJvt/LZ7Q7uqcV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3715745a86654b8e8c4e02e82fd728d0_JaffaCakes118

Files

3715745a86654b8e8c4e02e82fd728d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a1b81e0593b9bd5765e948fec54267db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
CloseHandle
CreateEventW
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcessHeap
GetStdHandle
GetStringTypeA
GetStringTypeW
GetCommandLineW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InterlockedExchange
InterlockedIncrement
LCMapStringA
LCMapStringW
LoadLibraryA
LoadLibraryExA
MultiByteToWideChar
ResetEvent
RtlUnwind
SetFilePointer
SetHandleCount
SetStdHandle
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
CreateFileW

user32

LoadIconA
LoadCursorA

advapi32

RegOpenKeyW

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ