0d698e807f39faa9fb050d68a3063cba_JaffaCakes118 | Triage

Sharing

General

Target

0d698e807f39faa9fb050d68a3063cba_JaffaCakes118
Size

104KB
MD5

0d698e807f39faa9fb050d68a3063cba
SHA1

364d4d7c0929e621c0b2fd532ae8d3efca15995f
SHA256

ed23658b1cd883f0946e653030af2c25882709abefcd82f70ef0bb8e5b6ec0b9
SHA512

e8eda7d3966819f3f6b9bb5b77f1c2558deec385423baec75f28633d11b76a3a197055dad6a8073e53f29dc8a030562e21df9e19e80e546e2a1199c1c178357e
SSDEEP

768:pt6JdtPZPXeBRRWMQWgpmjvn79M/NbIoq+OG/Zlfrlt:7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d698e807f39faa9fb050d68a3063cba_JaffaCakes118

Files

0d698e807f39faa9fb050d68a3063cba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

768a1d97e127eda949c3a6ba5b36a197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ExitProcess
Sleep
CreateThread

mpr

WNetAddConnection2A

rpcrt4

RpcRaiseException
NdrPointerBufferSize
NdrConformantStringBufferSize
NdrPointerMarshall
NdrConformantStringMarshall
NdrConvert
NdrConformantArrayUnmarshall
NdrClientInitializeNew
NdrNsGetBuffer
NdrNsSendReceive
NdrFreeBuffer
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree

msvcrt

__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
free
malloc
memset
printf
strlen
sprintf
strcpy
_except_handler3
_chkesp
memcpy
memcmp
_onexit

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ