575d40deb2123be0ad4a8f81ab35f877_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

575d40deb2123be0ad4a8f81ab35f877_JaffaCakes118
Size

749KB
MD5

575d40deb2123be0ad4a8f81ab35f877
SHA1

b01aaa7230fb80f83b9d81d63d7ef65ed6934266
SHA256

d2a279dca277f2fd0ae18d94e7848081b3c8df4fa8083dbf6ec0bd42028e5da0
SHA512

dbdba15be376a431e5184352ca11d4abbf20165601fc5c00f7d967381dba9cfbd2fe4e82de4010dbd99391f19aae3e39739c2994f506d5e0fa33922161c2d943
SSDEEP

12288:KjPNgwuGxRgHsZeED96LoX6XvyD+stZbtW4v0RFblx+FOSoST1g7oYAUC6kgPMHt:KjPgGTZ7J0m5tZsI0/6FSM1g7o76u1hR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
575d40deb2123be0ad4a8f81ab35f877_JaffaCakes118

Files

575d40deb2123be0ad4a8f81ab35f877_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f60023f66c542dda6eb321ecfa26e68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
SetLocalTime
lstrlenA
OpenEventA
GetLastError
DeleteFileA
VirtualProtectEx
GetModuleHandleA
CreateMailslotW
Sleep
WriteConsoleW
GetCommandLineA
CreateDirectoryW
GetFileType
RemoveDirectoryA
SetEvent
FindClose
WriteFile
ReleaseMutex
CreateEventW
CreateFileMappingW
RemoveDirectoryA
HeapFree
SetStdHandle
ResetEvent

ntshrui

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

cmcfg32

CMConfig
CMConfig
CMConfig
CMConfig

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ