0d976aaa3e5772f465467d7896f6bbb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d976aaa3e5772f465467d7896f6bbb8_JaffaCakes118
Size

31KB
MD5

0d976aaa3e5772f465467d7896f6bbb8
SHA1

ab5a6e47e251deb3f35f239a96e7b1b8141af3fb
SHA256

94a572f469ee800f67d3a65a90fabbfaf0a2b3f39f42069ad2e6c0fb5537d31f
SHA512

22bff4c2d38afcb5285a25a4c9674bf47b636098fcf7b3c15980ead2f257abd75374efd7f8ac28f3b1bba7c7a07de475e68b478abcc5f9f2193e85a882ed8588
SSDEEP

768:SSOR9n8veLtNuYxx8GdGPCyXMH44PXPAE/q4PEK6QOOUs+A:SSU8OtNDj83C/Tq4MAOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d976aaa3e5772f465467d7896f6bbb8_JaffaCakes118

Files

0d976aaa3e5772f465467d7896f6bbb8_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ae2feacf581a127ec8c21fcc379a58ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind

user32

MessageBoxA

crtdll

_getch
_iob
_itoa
__GetMainArgs
_strnicmp
abort
exit
fputc
fwrite
localeconv
memcpy
memmove
memset
pow
raise
signal
strcat
strchr
strncmp
strtol
wcslen
wctomb

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 608B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 808B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE