14f5ffb0864cc4cb890d16c0df302bab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14f5ffb0864cc4cb890d16c0df302bab_JaffaCakes118
Size

12KB
MD5

14f5ffb0864cc4cb890d16c0df302bab
SHA1

8f17f3ff7db5f06bf0ab4fee2ff125b9338ab36e
SHA256

8e31b6bdd7770f85442128ad4bfd14b451faefdafbea731279172ef87a1533d7
SHA512

46e95e704c06930ded395b5c804d9e80d6c2d9e24757b832aec226504f7b7f7977f7b842024c13ddea0f94cf378ab286168db216c8fe5dd86793717543a9ec0c
SSDEEP

192:mWkVHfxpaaZEnj7u4iG+wiFPdzcArOfGH2rdj0Jec/wO28DpfcbU2xz8gkWYfIq6:mW2HvtY5p+ljlrCVmJyIpcmgjYfu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14f5ffb0864cc4cb890d16c0df302bab_JaffaCakes118

Files

14f5ffb0864cc4cb890d16c0df302bab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb9a42c8e7f0aacb867b0d3d4fb00b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
CreateFileA
ExitProcess
CreateProcessA
WriteFile
CloseHandle
GetModuleFileNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind

advapi32

RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Sections

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ