cfde179a1fcc2f6cfb452777ca29058a_JaffaCakes118 | Triage

Sharing

General

Target

cfde179a1fcc2f6cfb452777ca29058a_JaffaCakes118
Size

105KB
MD5

cfde179a1fcc2f6cfb452777ca29058a
SHA1

11a6c81f6019945d15cd735f1739ba062e8025bb
SHA256

e8fcbd3adb1c598a3f72f0d6089e6aa1b732dc2a068efa3c75969824306a9c96
SHA512

fd0e7a894f22c4c3f06295cf407daa6be840566e9d2f3cb6e7700389cebb1d8a40c9e09a8e89e210d352b0b066ee776caac7a5fb1e468c741a207e9dd70bc318
SSDEEP

3072:7z3qSOconZkOyP7D0qBawuS5fVHC6Asw6goEI:SSOcoZ7yP7QqnxFVHus9gu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfde179a1fcc2f6cfb452777ca29058a_JaffaCakes118

Files

cfde179a1fcc2f6cfb452777ca29058a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

85bbc879675cf8f47d6bad26242369c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
HeapDestroy
IsBadCodePtr
ResetEvent
GetCurrentDirectoryA
CreateFileA
FindAtomA
DeleteFileA
FindVolumeClose
FindVolumeClose
HeapSize
GetStartupInfoW
GetFileSize
CloseHandle
GetTickCount
SetEndOfFile
ResumeThread
ReleaseMutex
GetEnvironmentVariableA
HeapCreate
InitializeCriticalSection
WaitForSingleObject
SetFileAttributesA
GetTickCount

wininet

HttpQueryInfoA
FtpFindFirstFileA
FtpCreateDirectoryW
HttpEndRequestA
DeleteUrlCacheEntryA
FtpOpenFileA
FtpDeleteFileA
DeleteUrlCacheEntryA
FtpGetCurrentDirectoryW
FtpPutFileA
DeleteUrlCacheEntryA
FtpGetFileW
FindCloseUrlCache

serwvdrv

DriverProc
DriverProc
DriverProc
DriverProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ