JaffaCakes118_a6b6fae00bee7da928eddae33795b4d9 | Triage

Sharing

General

Target

JaffaCakes118_a6b6fae00bee7da928eddae33795b4d9
Size

187KB
MD5

a6b6fae00bee7da928eddae33795b4d9
SHA1

dbf46ccee8a223ab8307346715d375570b42bc11
SHA256

283d2334a993e01097c1c7d01e6d5a1bbd531b77cb9ed5ef4bec802055fc49a1
SHA512

7781aba5dd8aaff9435853ced299329ea32825359309d27eebaaf7f68d3b8681eb2683d4c2c208195a265bb04fa9a84e447b7dbc853fff3b21d88e00ca9a0c58
SSDEEP

3072:TbVFc9nDbdmVniB4vegqy+fzQPRnSj/tr2SfGNxkqsm2We7ditqoVzhRtvmo0M:TCtIniBa+rYSj/52SYs0cdiIoHRl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a6b6fae00bee7da928eddae33795b4d9

Files

JaffaCakes118_a6b6fae00bee7da928eddae33795b4d9
.exe windows:4 windows x86 arch:x86

78853d1b08e181bca74e037805970abf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrByteCountPointerFree
UuidToStringA
UuidCreate
RpcStringFreeA

kernel32

FlushInstructionCache
SetLastError
RtlUnwind
TlsSetValue
InterlockedIncrement
DuplicateHandle
GetThreadContext
GetCurrentProcess
GetCurrentThreadId
WriteProcessMemory
InterlockedExchange
GlobalFree
GetStartupInfoA
VirtualProtectEx
ExitProcess
HeapFree
GlobalAlloc
RaiseException
GetVersionExW
GetLastError
WaitForSingleObject
FormatMessageA
SetLocaleInfoW
GetTempPathW
GlobalLock
GetCommandLineA
CreateFileW
GlobalUnlock
LocalFree
GetFileSize
InterlockedDecrement
DeleteCriticalSection
HeapAlloc
GetWindowsDirectoryW

gdi32

SelectObject
RealizePalette
UnrealizeObject
DeleteDC
CreateCompatibleDC
SelectPalette
SetMapMode
GetObjectA
BitBlt
GetDeviceCaps

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ