0f9564bd835c914512e76d099b817805_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f9564bd835c914512e76d099b817805_JaffaCakes118
Size

168KB
MD5

0f9564bd835c914512e76d099b817805
SHA1

3262c3eaefecb4c4504fe5c4de32a94e31a3708c
SHA256

dcb6979880782ca663329d7e0b7ba1583939c55e39911d8625f6d2e3234958a4
SHA512

0340926fb7dcd2d41a051946d4d8368d20e7b41abb6cf46dffcd1e122ff9c98bd96bceec1f9ce090c952f340ebd1bf88483dada8571c3a4939f134a029a295a9
SSDEEP

3072:/wtLDogik29MTZJn/kNRAnuIWw+1ZvHZ5jm15DTtevQ6TPLwg/euLNM:8DRikOKJnyqNwv55a84acuLNM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f9564bd835c914512e76d099b817805_JaffaCakes118

Files

0f9564bd835c914512e76d099b817805_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32f159fdb8967c4ec84c87c3094c7e71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__set_app_type
_except_handler3
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_controlfp
_exit

kernel32

GetModuleHandleA
InterlockedIncrement
BuildCommDCBAndTimeoutsA
QueryDosDeviceA
WriteProcessMemory
WinExec
GetPrivateProfileSectionNamesA
GetStartupInfoA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ