401ac6941b72b0080e206a7ce7de4296_JaffaCakes118 | Triage

Sharing

General

Target

401ac6941b72b0080e206a7ce7de4296_JaffaCakes118
Size

819KB
MD5

401ac6941b72b0080e206a7ce7de4296
SHA1

5f1fb767f50fce80fde72c9c0e685b159b88357f
SHA256

89d03aff8b1a29219e0a7c6379a5ab66de4a73f7a036af7f78debfb7cff44eef
SHA512

0e1cb85f541473cb8521c93c964c8c513d17fb988ee3b047025109e41598a6fea015d1957f372f53a63d0a4976b66cb3caf22f1e7cac5f73cc9d394dffa3fd59
SSDEEP

24576:B0CyNgy15Nv3hc3+Dj8IL+gPYxz24AKRo:yCyNgiv3hcOv8ILtwxa4dRo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
401ac6941b72b0080e206a7ce7de4296_JaffaCakes118

Files

401ac6941b72b0080e206a7ce7de4296_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a8df462806b58963136e62cf5e70f85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetDiskFreeSpaceW
lstrcpynA
lstrcpynA
FindFirstVolumeA
lstrcpynA
lstrcpynA
OpenMutexW
ReadConsoleA
Heap32Next
GetCurrentDirectoryA
lstrcpynA
VirtualProtect
GetPrivateProfileIntA
GetDriveTypeW
lstrcpynA
lstrcatA
lstrcmpW
GetFileType
lstrcpynA
lstrcpynA
GetVolumeInformationA
VirtualFree
SetThreadPriority
GetModuleHandleA
GetSystemTime
lstrcpynA
WriteFile
GetCurrentThreadId

d3d8

ValidatePixelShader
ValidateVertexShader
Direct3DCreate8
DebugSetMute

Sections

.text
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hdata
Size: 796KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ