0597dc471ea0ac7ccf18fb2c6555b40b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0597dc471ea0ac7ccf18fb2c6555b40b_JaffaCakes118
Size

13KB
MD5

0597dc471ea0ac7ccf18fb2c6555b40b
SHA1

b43516913db3e86e00bd3437e55fbc4b54b6affd
SHA256

950f577b2c65ffae6f2892a75ebc06fd5529165953dfd448e74125ed4999d168
SHA512

4005231cf71b07b1038e0daa096d574d96c272156605ba497963359309536dcfaf4fa73c3dd08112dcbd6c1de1b9c07fe5a2aa7825a968d27376966a8b085cc9
SSDEEP

384:N9FcoQfLA8RITZat+SJVCmI8u/5AgdnjFjiKj:XFcoMlIsJVkzGaRGKj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0597dc471ea0ac7ccf18fb2c6555b40b_JaffaCakes118

Files

0597dc471ea0ac7ccf18fb2c6555b40b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

941fb2a1e4db3a1f14c1bbe133d94ee7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_impure_ptr
abort
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
fwrite
getopt_long
isxdigit
malloc
optarg
optind
printf
pthread_atfork
putchar
puts
realloc
strcmp
strcpy
strlen
strrchr
strtoul
tolower

advapi32

RegConnectRegistryA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA

kernel32

AddAtomA
ExpandEnvironmentStringsA
FindAtomA
FormatMessageA
GetAtomNameA
GetModuleHandleA
LocalFree

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE