0ad0dd0bd72e4b5f186575d21387d4a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ad0dd0bd72e4b5f186575d21387d4a2_JaffaCakes118
Size

307KB
MD5

0ad0dd0bd72e4b5f186575d21387d4a2
SHA1

c8ae24d6f196e4872283719fe2fc1c8fe3054d51
SHA256

1b8ca7756769e3ce1583486b66d674928add591337745c58cca66f4dd5b280e6
SHA512

62b9e4cc98a40e66608e04ccb57a592e6d4bc12b0ecdd232bde577e12f46db4e46610de5f0679afd6bf36608c5df6f4f0a3b6d7def6a892b8977c65ccd4cd72f
SSDEEP

6144:R7t/DqWVCuHv7WudE3MUfhOrPN3bPHBl00cP64MqkE4L:b/pHvSJBpuPN3b/Bl0lxMqn4L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ad0dd0bd72e4b5f186575d21387d4a2_JaffaCakes118

Files

0ad0dd0bd72e4b5f186575d21387d4a2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7bae47abe500a46a83e4fb750917db2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntW
SetFilePointer
OpenMutexA
Sleep
Sleep
GetDiskFreeSpaceA
CreateEventA
lstrcmpA
LoadLibraryA
WaitForMultipleObjects
GetExitCodeProcess
GetPrivateProfileIntW
HeapCreate
CreateDirectoryA
Sleep
lstrcmpiA
GetPrivateProfileSectionA
InterlockedExchange
SetEnvironmentVariableW
GetDiskFreeSpaceA
GetPriorityClass
GetFileAttributesA
LoadLibraryExW

catsrv

CreateComponentLibraryTS
OpenComponentLibraryTS
GetCatalogCRMClerk
DllCanUnloadNow

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE