JaffaCakes118_5b63f33e824b15caa18fd261c1c9f0c0 | Triage

Sharing

General

Target

JaffaCakes118_5b63f33e824b15caa18fd261c1c9f0c0
Size

134KB
MD5

5b63f33e824b15caa18fd261c1c9f0c0
SHA1

7e140511903e05d7e3c56f11b119cd9a669b9e11
SHA256

57207dd0bebed6a1a17649b0456b3e57d176ffd9e79cb0b46d58c6fadcf521d8
SHA512

b31aaee92d25ef36f666ccf2185bf3654d1b7b657967786295f85cbd8269249ed795ae1cbc0c946f116a09e7189b4e3f74f86a01f019b62ee73846e51e24d6b3
SSDEEP

3072:2SyMxc8Mbu2ViGbcI8QA2GiWdIt9zljngcpW:tZEiG4I8Q5G5IrgoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5b63f33e824b15caa18fd261c1c9f0c0

Files

JaffaCakes118_5b63f33e824b15caa18fd261c1c9f0c0
.exe windows:5 windows x86 arch:x86

2215ea1e4f26e29ab9d44da929aac047

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FindAtomA
DeleteFileA
GetProcessVersion
HeapFree
GetProcessHeap
CreateMailslotA
SetLastError
SuspendThread
TlsGetValue
GetPrivateProfileSectionA
GetCurrentThread
CreateEventW
VirtualProtect
lstrlenA
ResumeThread
CreateEventW
LoadLibraryW
GetStringTypeW
GetPrivateProfileIntW
CreateEventW
GetDriveTypeA

clbcatq

CheckMemoryGates
CheckMemoryGates
ComPlusMigrate
ComPlusMigrate
DllGetClassObject
ComPlusMigrate
DllGetClassObject
SetupOpen
SetupOpen
CheckMemoryGates
CheckMemoryGates
CheckMemoryGates
SetupOpen

d3dramp

RampOldTri
g_RampOld_BeadTbl
RampOldTri
g_RampOld_BeadTbl

Sections

.text
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE