1846735736f593a465b357f3a07e50b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1846735736f593a465b357f3a07e50b2_JaffaCakes118
Size

404KB
MD5

1846735736f593a465b357f3a07e50b2
SHA1

33a6db33de1e84c25ed944ac4ed6a3b2f7453fcf
SHA256

c5964fbd72d1f16bad3ec54e4ed92e97f111d875d0d983c73c5b5d375dd94199
SHA512

4adde375b69abcb950ce71483d59571d7dc90ab6020916adc43f1c542fe55f2cd5440ef56e6fbe07ac9ebd20bf7c3bddee49ab495c9c9d3936736d86be9c3fa8
SSDEEP

6144:sRkOJE/laVc/KPJ8fETcR+ftjqvzamjCZ7tCao6R+pqT:WkOJE/licigIHtjqvWDPCah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1846735736f593a465b357f3a07e50b2_JaffaCakes118

Files

1846735736f593a465b357f3a07e50b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c706c6f67b7d173b6ab503ee04d3cd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
GetLastError
CloseHandle
GetModuleHandleA
GetFileSize
CreateFileA
Sleep
GetProcAddress
VirtualFree
VirtualAlloc

netapi32

NetDfsRemoveFtRoot

avifil32

AVISaveOptions
AVISaveOptionsFree

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ