1a3fdd5987a140b6085553611b6d9a74_JaffaCakes118 | Triage

Sharing

General

Target

1a3fdd5987a140b6085553611b6d9a74_JaffaCakes118
Size

66KB
MD5

1a3fdd5987a140b6085553611b6d9a74
SHA1

fe3b8c58cf2978743949c032d7c854c2098bf965
SHA256

da4697d521c1b108c3b99cb2f8c4ac655c4957388332a00d33223abd6ef0d916
SHA512

957a3b4f3a7ac707db5ded3a8d350189f71d1c8c478acb3653a8ea21a9232b0490e0234298a97e5ce0a962017a7a2314eb3a818d8b464b5d94d121ed9cb3477a
SSDEEP

768:/EEEQMjMmJMjPKod4pNnqqdVNUJX62j4wMQhYFYgAgopAkK4GD4r3b1ViL0VQGG9:m6ZMw++gpEeDYJRP05agM5seHIpjVrse

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a3fdd5987a140b6085553611b6d9a74_JaffaCakes118

Files

1a3fdd5987a140b6085553611b6d9a74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e510c175c322dd6b9021a07dff7beb81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomW
GetCommConfig
LockFile
InterlockedExchangeAdd
OpenEventA
GetThreadPriority
GetProcessHeap
FindVolumeMountPointClose
GetStartupInfoW
IsDebuggerPresent
GetVDMCurrentDirectories

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE