61028fd28a5b2d2a2482db90171fd257_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61028fd28a5b2d2a2482db90171fd257_JaffaCakes118
Size

14KB
MD5

61028fd28a5b2d2a2482db90171fd257
SHA1

a9c5958c72fdcafca2d39a5a48b62d656fb42879
SHA256

b1526dd5a79842e2ba855a15f03b369ec92968c0cd1b25fdd86861c8d228ff9f
SHA512

c81bc3c901cedb67be1fb2a6dfaeb4d2f0b6e53a6a893adb1497132091b5ab8ca0cbcd2132cd432322f7db6f584082146546ea012e7feb0e51e4b79293027898
SSDEEP

192:3Ivhz9kQU/hTyec0UmgGs6Kf7GwrFqxv0RHmWnBoP/uVkd+czla8UJPmXtJdpgv:R3c0dgGlKf7GwrFqZIn2WHg9TXtJzgv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61028fd28a5b2d2a2482db90171fd257_JaffaCakes118

Files

61028fd28a5b2d2a2482db90171fd257_JaffaCakes118
.exe .wsf .vbs windows:4 windows x86 arch:x86 polyglot

b38c4706edbe23ba00098a1e4a35f6ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
CloseHandle
DeleteFileA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
WriteFile
ReadFile
CreateFileA
lstrlenA
GetTempFileNameA
GetTempPathA
lstrcmpA
GetProcAddress
GetConsoleTitleA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

SetForegroundWindow
GetWindowThreadProcessId
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
EnumWindows

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ