20d5c51d3b29b38d2065d39f17b561a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20d5c51d3b29b38d2065d39f17b561a7_JaffaCakes118
Size

1.9MB
MD5

20d5c51d3b29b38d2065d39f17b561a7
SHA1

d272036aacfadfd5fca4cbfe17e553eee4b95f7e
SHA256

e06a1f6eedadfc6e8f6cebccc29025953f0b81f14dca249c31a6159e055fa66a
SHA512

3bbff6f1604f12671e2aeb5b5a5c50ed36500ec8259c50eb0d0f833c1285659bc5f02eaa4d6d48986d42ed8a0e86dff7c967b719c6a4d8d175844ba466582827
SSDEEP

49152:YroXftngL9CLguUmNMoGCVAbG8hTR61BD:Y6tgLk/UmKzCObGl1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20d5c51d3b29b38d2065d39f17b561a7_JaffaCakes118

Files

20d5c51d3b29b38d2065d39f17b561a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a13ee2bd542e30b8d805240c3433d2bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32.dll.

CloseHandle
WriteFile
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
GetTempFileNameA
GetTempPathA
GlobalAlloc
ExitProcess
GetCommandLineA
GetModuleHandleA

shell32.dll.

ShellExecuteA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ