188060031232fdaf2ffdb324283d09f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

188060031232fdaf2ffdb324283d09f2_JaffaCakes118
Size

6KB
MD5

188060031232fdaf2ffdb324283d09f2
SHA1

15923eea32ec6b1e7619d130f1d89790355569c8
SHA256

e4c94de3ed92a3b4d07652e2443b965cf70a5e0a08894087b163e435b2b23260
SHA512

3498809e32201864ad834289475da23e42a46602500200c64ad76be05b88d3a2ac08f9c96ce5d1f91c213a35525aaea3fa73b3f3cdd91ae0a1ef529417d1f04b
SSDEEP

96:Z1jPW9uUOrF/NXFINHqMy1BV3gnFgkLatSq0Bx2jFE+r3qMHrJ1X:HXRtF68PgnFjutSnBIhEU3dLJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
188060031232fdaf2ffdb324283d09f2_JaffaCakes118

Files

188060031232fdaf2ffdb324283d09f2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

251575623650bc933bad8739ca1c1602

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
CreateThread
ExitProcess
VirtualAlloc
RtlMoveMemory
WaitForSingleObject

user32

MessageBoxA

ntdll

NtSetInformationThread
RtlDecompressBuffer

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE