1a473adafea257dca841ef6f53a4927d_JaffaCakes118 | Triage

Sharing

General

Target

1a473adafea257dca841ef6f53a4927d_JaffaCakes118
Size

519KB
MD5

1a473adafea257dca841ef6f53a4927d
SHA1

2bc8b8147658bc57c9f12570cf4767635a68dc5d
SHA256

c90e96b52765e0e3b2257d448da925195a7706d5f0acdc14cbe118372fb4c23c
SHA512

1f212ab4a6d013021361ede463200a520d549663e4794adb2bd74c1154c1256c4e2848761b6bd944f05504810183020bc5ece0affacae6d67b274644b2c3e121
SSDEEP

12288:GAuNWvrq4Xn+VfRUVepDTnP+sz9UHkuJ6Bie:qWvrfX+RRgepDqsz9UDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a473adafea257dca841ef6f53a4927d_JaffaCakes118

Files

1a473adafea257dca841ef6f53a4927d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fcb37b2ea50104af62bbcb4b4cbe76ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleHandleW
GetStdHandle
GetCommandLineA
TlsAlloc
GetTickCount
SetEvent
LockResource
GetModuleFileNameW
IsValidCodePage
GetLocaleInfoA
GetEnvironmentStrings
RaiseException
VirtualAlloc
ExitProcess
lstrlenA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ