JaffaCakes118_6dbbbbd9cc7e0becdab8be287ab19fe0 | Triage

Sharing

General

Target

JaffaCakes118_6dbbbbd9cc7e0becdab8be287ab19fe0
Size

119KB
MD5

6dbbbbd9cc7e0becdab8be287ab19fe0
SHA1

be58284936554f9a88d936a3bbc655fd3b88b129
SHA256

10248ecbe586612c5559b4963431957edccb4b99421a0465c6f2df5b64ff7850
SHA512

378456688d9b68341879ab9368c1a4e06111def2c46d1eb2c5b391d14cb6b239da0611e912231298c2c76a9cadf471fd66aa90d7b88996428f74027ead12c500
SSDEEP

3072:qMgKFIsviXhl3oOqKG37lyRKfXBx0iQkYIKbCujQ:qMgKF9vixhgKO4Ru8iQj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6dbbbbd9cc7e0becdab8be287ab19fe0

Files

JaffaCakes118_6dbbbbd9cc7e0becdab8be287ab19fe0
.exe windows:4 windows x86 arch:x86

511e656b26b990ce011fb26e57a5fc7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetPriorityClass
GetProcessHeap
VirtualQueryEx
lstrlenW
CreatePipe
GetFileAttributesW
GetStartupInfoA
DeleteFileA
GetModuleHandleA
CopyFileA
WriteConsoleW
GetCommandLineA
DisconnectNamedPipe
HeapDestroy
GetStdHandle
ResumeThread
WriteConsoleW
lstrcpyA
WriteConsoleW
VirtualProtect
SetEvent

mmcndmgr

DllCanUnloadNow
DllRegisterServer
DllGetClassObject
DllRegisterServer

cryptui

CryptUIWizImport
DllRegisterServer
CryptUIDlgViewContext
CryptUIStartCertMgr
DllUnregisterServer
LocalEnrollNoDS
LocalEnroll
CryptUIWizBuildCTL
LocalEnroll
WizardFree
CryptUIWizExport
CryptUIWizDigitalSign
WizardFree

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.impdata
Size: 1024B - Virtual size: 769B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ