f40f1611ab3f0f2e68e6510f0dccd9a3_JaffaCakes118 | Triage

Sharing

General

Target

f40f1611ab3f0f2e68e6510f0dccd9a3_JaffaCakes118
Size

146KB
MD5

f40f1611ab3f0f2e68e6510f0dccd9a3
SHA1

5059996065bf2851c4ebde7830c91ca88f5fd580
SHA256

5c1a093155a50132f6f0c8ae43e3afbeeeca0af19e628b56a674920e71dd987f
SHA512

0715f3a760996a97279ec89ad275cdeb0e5b9e0f5ab7a6376b5a315df605f152bc06b58d9ce7fe0b55b232586976b83dc054d39790ee2cb15d3636325f92c3a2
SSDEEP

3072:lfzYe0x+5ZHydrsuLcKMvhXL/MkkVtJI3ED3tSG6:lfzYe0xcHydYuLiv54VzI3E96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f40f1611ab3f0f2e68e6510f0dccd9a3_JaffaCakes118

Files

f40f1611ab3f0f2e68e6510f0dccd9a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c58243f7af0c4f3063f56c3147f0aea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetConsoleTitleW
TransmitCommChar
EnumTimeFormatsA
TlsGetValue
GetModuleHandleA
DnsHostnameToComputerNameA
GetCommandLineA
EnumCalendarInfoExA
GetStartupInfoA
DeleteCriticalSection
CreateEventA

user32

UnregisterHotKey
DlgDirListA
SetMenuItemInfoA
IMPSetIMEW
IsWindow
DestroyWindow
SetDlgItemInt
EnumWindowStationsA
CharToOemW
DdeFreeStringHandle
TrackPopupMenu

msvcrt

__set_app_type
memcpy
_XcptFilter
__setusermatherr
_exit
_except_handler3
exit
__p__fmode
__p__commode
__getmainargs
_adjust_fdiv
_initterm
_acmdln
_controlfp

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ