02eca00596518350c47953d9cd18cbac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02eca00596518350c47953d9cd18cbac_JaffaCakes118
Size

20KB
MD5

02eca00596518350c47953d9cd18cbac
SHA1

f5309206d6059f6167613a10c7cc0edf8ed8a541
SHA256

f89007e15dd2ffdf3a208ff960b5b2044a60d03943a41f84ef87797d399d7e79
SHA512

e6cf9b1d35dc9f40fb6429837522bb19fce4d94becfae8bcf5811b51051e4ed406d04ed67a943621cf257a5d603d423c5c23b0e45e9b432363bb71b4e304ddd9
SSDEEP

384:yQFebpVxrgvtE4GlEpMjGpkL2KZTO9jF+Hsof4/3ovHNd8C:yQFe1rgvtXGxG2L9ZTwj6RfgYvHNd8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02eca00596518350c47953d9cd18cbac_JaffaCakes118

Files

02eca00596518350c47953d9cd18cbac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd63fe2860478b170ff7730b9c675088

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FatalAppExitA
SetPriorityClass
SetErrorMode
TerminateThread
RtlUnwind
CloseHandle
MapViewOfFile
SetThreadAffinityMask
GetCPInfo
LCMapStringW
CreateThread
InitializeCriticalSection
IsValidCodePage
FreeEnvironmentStringsW
lstrcmpA
GetOEMCP

msvcrt

_itoa
wcsncat
memset

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE