394d06373be0ae69060c0af618a7d233_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

394d06373be0ae69060c0af618a7d233_JaffaCakes118
Size

8KB
MD5

394d06373be0ae69060c0af618a7d233
SHA1

f95bb69fc751a0a962b42eb20792b405738f0f8a
SHA256

f8f70ad6ba6cdf5117840f0a2d2533f2d0d16c5cfac3611bf3221c638407faca
SHA512

d34af2b259d04d0fcf1720fc15e5587200b939f0bc62999e8bc210c3dbe01b4d5590e3e2537f60fe3cd9afaf6ff8045f00949348c0daf07d8086f80b5c77ba51
SSDEEP

192:8exe0Gc/acpLPQG79PI3Sp1GQV6QFWf/VCW/:PYIvhL9Q3+8QV6QFWf/VCW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394d06373be0ae69060c0af618a7d233_JaffaCakes118

Files

394d06373be0ae69060c0af618a7d233_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99cbd7a1fd5ff0780801872625e294ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCurrentThreadId
CreateThread
GetSystemDirectoryA
ExitProcess
GetLastError
CreateMutexA
lstrcmpiA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
SetFileAttributesA
DeleteFileA
lstrcpyA
GetTickCount
CreateToolhelp32Snapshot

user32

wsprintfA
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA

msvcrt

atoi
fopen
fgets
strrchr
_itoa

Sections

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ