Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_6e22f3ee4935194b255596e882c53de8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_6e22f3ee4935194b255596e882c53de8.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_6e22f3ee4935194b255596e882c53de8
-
Size
116KB
-
MD5
6e22f3ee4935194b255596e882c53de8
-
SHA1
87011d282b337bfc72bae9df501b809c65770f70
-
SHA256
43d5c4814df40970ff4a57d8e3d3398435975a7d8597693aaef339ac031b734c
-
SHA512
b0f87833dd2d4ab966e9a868ea73e5ed51294759ab896f17300fc306d6f312e7a6bd1a2756c134308542d68061a16773b359f4a0f675a96e346c3ac1d1f0b5b7
-
SSDEEP
3072:lBRj19daRh/kpj9nikJPd14JULebnu39de:fRB9Ah/mj3Pdrde
Malware Config
Signatures
-
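Unsigned PE (1 IoC)
Static check: the file carries no Authenticode signature. This is a weak indicator by itself, because many legitimate executables are also unsigned; weigh it together with the import and section findings below.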
resource JaffaCakes118_6e22f3ee4935194b255596e882c53de8
Files
-
JaffaCakes118_6e22f3ee4935194b255596e882c53de8.exe windows:4 windows x86 arch:x86
d8a15b551869b4d3b4c529e6fc78fa44
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstVolumeW
GetLocaleInfoA
lstrlenW
CreateEventA
GetTickCount
VirtualAllocEx
lstrcpyW
GetModuleFileNameA
lstrcpyW
GetPrivateProfileIntA
GetStartupInfoW
GetNumberFormatA
IsBadStringPtrW
lstrcpyW
GetModuleHandleA
SetStdHandle
SetCurrentDirectoryA
SetConsoleTitleA
DeleteFileA
TlsAlloc
lstrcpyW
lstrcpyW
FindNextVolumeA
untfs
Format
Recover
ChkdskEx
Extend
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 1KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.RData Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.EDATA Size: 512B - Virtual size: 273B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE