4be91b1063b7896bcc470f1fc8d1fc12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4be91b1063b7896bcc470f1fc8d1fc12_JaffaCakes118
Size

589KB
MD5

4be91b1063b7896bcc470f1fc8d1fc12
SHA1

c6572424fa8dea43c80e9eabd7d8f6ab6cdaadfe
SHA256

b08298eb19ba4881e7d14b1addee60cd6a05ca3482e21831a3d62e15d898c0ae
SHA512

afb6a02c06a51d54f37edf8e1afc2d466a11ebebaec696fe2fee85f64e7c3dd8946ddc983b2fdb6c21290c3c028225eb0d6a35687172e06a83e5e9161ef0cdc4
SSDEEP

12288:ZrtOdnTs9URQIT3FnQJPmaGzJuGcCXZh6nebQavoFMMiaCM/qmf:tt+T4lfJPmxlubCzqebHvUOIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4be91b1063b7896bcc470f1fc8d1fc12_JaffaCakes118

Files

4be91b1063b7896bcc470f1fc8d1fc12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a9c9d8e7cbbdba743408fa0c1a50d22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
malloc
memcpy
free
fseek
ftell
fread
fopen
longjmp
_setjmp3
fclose
floor
pow
strlen
gmtime
__p__iob
fprintf
frexp
modf
_CIpow
fwrite
fflush

kernel32

GetModuleHandleA
HeapCreate
GetACP
VirtualAlloc
HeapDestroy
ExitProcess
lstrlenA
HeapFree
HeapAlloc
DeleteFileA
HeapReAlloc
GetTempPathA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteFile
CloseHandle
GlobalLock
GlobalUnlock

user32

MessageBeep
MessageBoxA
DrawEdge
OpenClipboard
GetClipboardData
CloseClipboard

Sections

.code
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ