JaffaCakes118_6b500785ac897b78a7a928e86823ba80 | Triage

Sharing

General

Target

JaffaCakes118_6b500785ac897b78a7a928e86823ba80
Size

134KB
MD5

6b500785ac897b78a7a928e86823ba80
SHA1

810521269fba1d5f9685e4bd46a28056d095fdc4
SHA256

92b44cc34717f5a7ad33b126e802f82b74520e5d80affd204705ad2cc317cf54
SHA512

e10348db03723afa5090975b086be34d2b00efb493dae0525579ce474e4f3643eb82bad0884d94c365a7d9e9d3f51a4bfa50a03fdf28d53f2e49080ba3b030ed
SSDEEP

3072:Wl4gqQzF2JshVcrTeOMDKS3hlD1hT0nJ1WXi23izOrN0HmcF4:tSZYuST3MDXPT01WSEi0N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6b500785ac897b78a7a928e86823ba80

Files

JaffaCakes118_6b500785ac897b78a7a928e86823ba80
.exe windows:5 windows x86 arch:x86

038de26025e69834739ccb40e9319c66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetDriveTypeA
SetLastError
GetStringTypeW
VirtualProtectEx
HeapDestroy
DeleteFileA
ResumeThread
ClearCommBreak
TlsGetValue
GetFileAttributesW
CreateMutexA
HeapFree
GetCurrentThread
DeviceIoControl
lstrlenA
GetProcessHeap
LoadLibraryW
CreateEventW
GetPrivateProfileSectionA
DeviceIoControl
GetPrivateProfileIntW

rasapi32

DwEnumEntryDetails
RasDialA
RasDialA
DwRasUninitialize
DwRasUninitialize
RasDeleteEntryA
RasDialA
RasDeleteEntryA
DwCloneEntry
DwEnumEntryDetails
DwCloneEntry
DwEnumEntryDetails
DwRasUninitialize

pdh

PdhCloseLog
PdhGetLogFileSize
PdhAddCounterA
PdhGetLogFileTypeA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ