a38915df6a6c11fc83c9662ad2abd523_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a38915df6a6c11fc83c9662ad2abd523_JaffaCakes118
Size

310KB
MD5

a38915df6a6c11fc83c9662ad2abd523
SHA1

9112e69bc9c7cf7c974a8ef27ea35f3b46c7e640
SHA256

8921924c2855c51f7a192e212e9b4da933b6ce995b00c974ca3c29d1dd977711
SHA512

5b3a464b4b6b35b4c889d56819b54bd8be52bce32cb0f8c78b615d9467559558fe07a654f62d8d82b72638038e5fe9d87cc1de0fc7e2e96f5be93508128905d2
SSDEEP

6144:dRQh6Yky1SAJva2jJhqZVJf44i/PjwYoVDTP46f0Dtb:z3dk/JvFjjkc3ZoV3PQZb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a38915df6a6c11fc83c9662ad2abd523_JaffaCakes118

Files

a38915df6a6c11fc83c9662ad2abd523_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c587e51627e935cf6d76f5f2463241df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
InterlockedDecrement
GetPrivateProfileIntA
GetLongPathNameA
SetEnvironmentVariableA
Sleep
GetDiskFreeSpaceW
VirtualAllocEx
CreateDirectoryA
GetPrivateProfileSectionA
lstrcpyW
WaitForSingleObject
GetPrivateProfileIntA
GetFileAttributesA
FindResourceW
WriteFileEx
ExitProcess
lstrcmpA
InterlockedIncrement
LoadLibraryA
GetExitCodeProcess
Sleep
Sleep

apphelp

AllowPermLayer
ApphelpCheckIME
ApphelpCheckExe
SdbCreateMsiTransformFile

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rss
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ