2835d03204d1e6fa4297b2a8d935b733_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2835d03204d1e6fa4297b2a8d935b733_JaffaCakes118
Size

347KB
MD5

2835d03204d1e6fa4297b2a8d935b733
SHA1

96ba97423eecfcf6397eb936924194f3dd922547
SHA256

7591ce2744fb7465448f2fa1618a22a8f4dabe2841df257ad2f432a4bb38de15
SHA512

8a2782f769c4bc399fdbe6ca0c1ea95edbea862749c91a0830f08c5a1b3e5a75dd069afcf36f7996750e86227e2fed9a1e4cc33c6298545bfb97ecea0c29964c
SSDEEP

6144:ULRCLDcwBRPMs7lQr6EdlCGbeOIpGM+fjScjLJr2FLwSXI:UKDcw1Qrlo0eOoGBh2FLwH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2835d03204d1e6fa4297b2a8d935b733_JaffaCakes118

Files

2835d03204d1e6fa4297b2a8d935b733_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9775c513b332b5927ddc962d497bc98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
ReadConsoleA
WriteFile
GlobalFree
FindFirstFileA
GetComputerNameA
OpenFileMappingA
GetStdHandle
GetCommandLineA
DeleteFileA
GetConsoleMode
GetCPInfo
FindAtomA
CreateProcessA
GetFileTime
SetLastError
GetLastError
Sleep
CreateThread
ReadFile
ExitThread
GetFileSize
DeleteFileW

user32

DrawIconEx
DrawIcon
CopyIcon
CopyRect
LoadMenuA
IsWindow
GetWindowTextLengthA
LoadCursorA
CloseWindow

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 33.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ