3c1d6ed8eceef1c6a8b90b76b21c1188_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c1d6ed8eceef1c6a8b90b76b21c1188_JaffaCakes118
Size

146KB
MD5

3c1d6ed8eceef1c6a8b90b76b21c1188
SHA1

7ee5c6345ec9d71f3a3ef91e1480ee2fd3540665
SHA256

7739959eb415f7dda16b13b4b4bd743cafb672af183eb86bd897ce122628992f
SHA512

c04eecbbb49a411b68558acb4e990c882d5a9ada1ffd9d169a8cab0da80f1b5461bcf1964aaab64f564b3315c36e2243cb8c5630dab125fb500e2709c6fb25ff
SSDEEP

3072:LgFCc/IMs9jRFJxNPKELQiM61qz8xRFCLMczIDMtHvGq2b3Isr:ncp+djLKEk98U64LMggq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1d6ed8eceef1c6a8b90b76b21c1188_JaffaCakes118

Files

3c1d6ed8eceef1c6a8b90b76b21c1188_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a53632f176e32ce8e76db05048e9949

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetBinaryType
SetUserGeoID
GetCommandLineW
GetVolumePathNamesForVolumeNameA
GetLocalTime
ChangeTimerQueueTimer
OpenJobObjectA
ReadConsoleA
LockFile
GetDllDirectoryA
GetStartupInfoW
AllocConsole
UnlockFile
GetProcessIoCounters
GetVersion
GetModuleHandleW
GlobalFlags
FindVolumeClose
ExitProcess
WriteFile
HeapValidate
GetVolumePathNameA
OpenSemaphoreA
VirtualAlloc
MoveFileExW
GetConsoleMode
GetCommandLineA
PulseEvent

winmm

timeEndPeriod
timeBeginPeriod

ole32

CoTaskMemFree
CoGetMalloc
StringFromCLSID
ProgIDFromCLSID

rpcrt4

RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcStringFreeA

Exports

Exports

Jnawiolstw
AddDtnfwbaeuk
Dffkrjdv
Kgfaudu
CreateXbqtqum
IsIkpdjcdlc
Xxhbxellx
WriteQlxgtycjlm
Vvpwrrjof
OpenCtvaucokn

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 137KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ