fb5ba82df912731f36797874d869f570_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb5ba82df912731f36797874d869f570_JaffaCakes118
Size

96KB
MD5

fb5ba82df912731f36797874d869f570
SHA1

b7881c4240f97761ad2d57aa07104207ad114c72
SHA256

5aef330aac7d7e12b68c72a6efa9c1a16286b5b1459ac335a0c24a818be91407
SHA512

0c30cebbb216c49dc9e6c9ce76b935650adeef7bfd2ba1981d3e7a8785f9b8aa382b7df273292e99421a56ad382fca2a9d0384a116036bf03e3a6c2ca1b9a93e
SSDEEP

1536:8UkVsmGcWXv3LjR92bpwNVHCp+UEZji9xvUfG7hn:OGcALSaNVi2ji/UQhn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb5ba82df912731f36797874d869f570_JaffaCakes118

Files

fb5ba82df912731f36797874d869f570_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02e482d02af9ca0e197e8e8cd48d0676

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_controlfp
wcscpy
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
wcsncpy
memcmp
swprintf
printf
fopen
fwrite
fclose
fflush
wcscmp
wcschr
wcslen
wcscat
_except_handler3

rpcrt4

UuidCreate

ws2_32

WSCInstallProvider
WSCEnumProtocols

kernel32

GetLastError
VirtualQuery
GetModuleHandleA
FindResourceA
LoadResource
SizeofResource
GetSystemDirectoryA
lstrcatA
lstrcpyA
MoveFileExA
lstrlenA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
HeapAlloc
GetProcessHeap
GlobalFree
GetStartupInfoA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ