JaffaCakes118_660024c4658550be3775eaf5c4684580 | Triage

Sharing

General

Target

JaffaCakes118_660024c4658550be3775eaf5c4684580
Size

130KB
MD5

660024c4658550be3775eaf5c4684580
SHA1

8984b460e1f1baa38ed4457256abd7e6f749af7d
SHA256

a74c98c44293e9b0e9b706eb4b074a76219c564c53dd5d8570ed8a41b84046b1
SHA512

48b09e5ff7ff2a48c3a741ba6fb117468f3eb0d7677659b76fe66060bb837c44ff6f167ea4463b1f19b38d18399c5579df2f38a5c3dc67961fe8aa137b3b2d2d
SSDEEP

3072:Bvrxp7AG08fON4IxZoOFpLXt1Xn7Z1vPR5hZ1i154:dn84IxvpLj7ZtPR5hfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_660024c4658550be3775eaf5c4684580

Files

JaffaCakes118_660024c4658550be3775eaf5c4684580
.exe windows:5 windows x86 arch:x86

fadc07ff0cbfb2347a8d04abd78841a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCurrentThread
HeapFree
DeleteFileA
lstrlenA
CreateEventW
ClearCommBreak
GetDriveTypeA
DeviceIoControl
GetPrivateProfileSectionA
CreateMutexA
ResumeThread
TlsGetValue
GetFileAttributesW
DeviceIoControl
GetProcessHeap
HeapDestroy
VirtualProtectEx
GetStringTypeW
LoadLibraryW
SetLastError
GetPrivateProfileIntW

rasapi32

DwEnumEntryDetails
RasDialA
RasDialA
DwRasUninitialize
RasDialA
DwEnumEntryDetails
DwCloneEntry
RasDeleteEntryA
DwRasUninitialize
DwEnumEntryDetails
DwRasUninitialize
RasDeleteEntryA
DwCloneEntry

pdh

PdhGetLogFileTypeA
PdhCloseLog
PdhGetLogFileSize
PdhAddCounterA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ