85006b8a45a95dfd95237631fccaeb64_JaffaCakes118 | Triage

Sharing

General

Target

85006b8a45a95dfd95237631fccaeb64_JaffaCakes118
Size

118KB
MD5

85006b8a45a95dfd95237631fccaeb64
SHA1

e2fde385b2cc1cd41be591abf0b5c2d4195c4564
SHA256

34e7579d80cc77c11ea81414b147d653a5f369d7ad7fbc4b0ad53843e164d6bd
SHA512

ceb009bc1d1c88f56378315126e90a36e4b686cb0eb7fc92b830d260c7b6eff32bedb13e4f57680379de944eef97fb810624891a449ceb53ee5c26348a7b56b5
SSDEEP

3072:Y3Nu2KVkPN3yEIqEhL+H1LzXnBT6GDlXGXixfb0:YLKeljIqWL+HJXn4GDNGw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85006b8a45a95dfd95237631fccaeb64_JaffaCakes118

Files

85006b8a45a95dfd95237631fccaeb64_JaffaCakes118
.exe windows:5 windows x86 arch:x86

81701f24a4c0e64aef481e244e77cfc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMailslotA
DeviceIoControl
WriteConsoleW
CreateSemaphoreW
InitializeCriticalSection
GetModuleHandleW
SetCurrentDirectoryA
VirtualAlloc
CreateFileMappingW
GetStringTypeW
InterlockedExchange
GetShortPathNameW
SetEnvironmentVariableA
GetModuleHandleA
SetVolumeLabelA
CreatePipe
FatalExit
GetACP
DeleteFileA
DeleteFileA
DeleteFileA
GetConsoleAliasA
GetProcessHeap

mshtml

ShowHTMLDialog
ShowModalDialog
ShowModelessHTMLDialog
DllEnumClassObjects

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrs
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.afdr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ