03a58ef707d2d1a4ec8f3959293105c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03a58ef707d2d1a4ec8f3959293105c4_JaffaCakes118
Size

137KB
MD5

03a58ef707d2d1a4ec8f3959293105c4
SHA1

0a41afa7f6cafc9df36246f7660bb4a46664c730
SHA256

c2eb7f4d93d6a2cbfaf2f56d88381e1d0571233c047093fe0408217a1bce61cf
SHA512

3503414fa2a8d5095e204d2164fab6edabfb21264e0ae7fa39332d4125f0b07350ad79df0b7db3964982b7a69e60c50e18d889dfefb85b72e722ad79dd917644
SSDEEP

3072:i51N9luuSvJhgfytsDYYYCSrKgzvj9GfOkB4AQRqtwojAcb:aNzKxlZrdX9GWu4AQRqtws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03a58ef707d2d1a4ec8f3959293105c4_JaffaCakes118

Files

03a58ef707d2d1a4ec8f3959293105c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4175c47e9ab80aa8ff4d1eb7b477c81d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
FreeResource
lstrlenA
GetLocalTime
GetTickCount
WriteFile
SizeofResource
CreateFileA
LoadResource
FindResourceA
GetModuleHandleA
MoveFileA
LockResource
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
CopyFileA
Sleep
CreateThread
WinExec
ExitProcess
GetFileAttributesA
GetWindowsDirectoryA
LoadLibraryA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetProcAddress

msvcrt

_onexit
__dllonexit
exit
fopen
fwrite
fclose
??2@YAPAXI@Z
memset
_strrev

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 672B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ