048d25065135d7ebd80dbe3b793c8228_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

048d25065135d7ebd80dbe3b793c8228_JaffaCakes118
Size

15KB
MD5

048d25065135d7ebd80dbe3b793c8228
SHA1

13830eefaac678e125a5baf121f7b3f7b073e3e1
SHA256

9bc564e696292e1b612f473b568a1c4f0314d9a88583218cacbd5d360fb2e13d
SHA512

56b7dbc1fbe27b8193f4c163bd4afb43712f56f2eaf03c435efb0ee9a92071184d36ea9b84d66ff4ba860ac06f409958e96001c1834daf88154824c751ffc30d
SSDEEP

384:gIXDMAkZv8n9EfkAstnaiXd9RL7+u8nRIWo:tHsqmfkAstvduuUdo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048d25065135d7ebd80dbe3b793c8228_JaffaCakes118

Files

048d25065135d7ebd80dbe3b793c8228_JaffaCakes118
.exe windows:4 windows x86 arch:x86

81c741db70dcb4766619ccf6274a182a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
wsprintfA

kernel32

GetStartupInfoA
lstrcpyA
lstrcmpiA
CloseHandle
CreateFileA
CreateProcessA
ExitProcess
FindResourceA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
LoadResource
LockResource
RtlZeroMemory
SetLastError
SizeofResource
WriteFile
lstrcatA

Sections

.text
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ