1c281665c9a516d67bce5db6bbc3f954_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c281665c9a516d67bce5db6bbc3f954_JaffaCakes118
Size

100KB
MD5

1c281665c9a516d67bce5db6bbc3f954
SHA1

9583d2a2127bef9d6a327ee0bd703772d183b095
SHA256

4531ead3345b7c405ca59a41288cc1990f6d2ccad569b6e544f7b555bba8f158
SHA512

0272845406d60b77ad67c6b98cfba983ad6f0326410e339467f01c4cd5ce3e1ed04ab5a8e29103d85540ca7de459263770807c3e3abe6e65fe93ec38fe067db2
SSDEEP

3072:3wtsRjHqN6HcbPgZb/gUeX6+tmBUmiTps:Xq9gVpeX6+tUUhu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c281665c9a516d67bce5db6bbc3f954_JaffaCakes118

Files

1c281665c9a516d67bce5db6bbc3f954_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e3166d300a49677c22d830645f67f3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
CloseHandle
WaitForSingleObject
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
GetStringTypeW

user32

RegisterClassExA
CreateWindowExA
DefWindowProcA
PostQuitMessage
LoadImageA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ