28d09671227946d1dbef0104f9b80c97_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28d09671227946d1dbef0104f9b80c97_JaffaCakes118
Size

96KB
MD5

28d09671227946d1dbef0104f9b80c97
SHA1

f75d82cf20564d8515f9793d14f3c866d71bfc52
SHA256

33d3e92f4322b5a15de673f3b0f7eee39861c578ad7b7292540cfc163140836f
SHA512

5af49792ed3a8c4dd7519bc0e5ddd43cf962a976be466fa20d04c82476e12713528e1f8e3b6c7cae2762b3af1a7e38cd33ca56f620f4a17b1753eb7985488186
SSDEEP

1536:IDodDEnMR5JiRC+b+EYWp54fn5qQR3MRm9qZf4sRhJpt4L7iHvSDyg6:IsDmMRDiRC+b+XWp5wqQltY4sLV07iHM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d09671227946d1dbef0104f9b80c97_JaffaCakes118

Files

28d09671227946d1dbef0104f9b80c97_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bc056eb5a2537f625ca813015c3a394

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
GetConsoleTitleA
FindFirstChangeNotificationA
HeapAlloc
GetProcessShutdownParameters
FindNextFileA
GetCompressedFileSizeA
GlobalWire
TermsrvAppInstallMode
GetPrivateProfileStructA
AreFileApisANSI
GetCommandLineA
GetStartupInfoA
ExitProcess
GetCurrentProcess
OpenSemaphoreA
SetThreadIdealProcessor
DeleteAtom
lstrcpy
DeleteCriticalSection
SetConsoleOS2OemFormat
lstrcpy
ConvertDefaultLocale
AddAtomA
ContinueDebugEvent
ResetWriteWatch
DosDateTimeToFileTime
FlushInstructionCache

Sections

.itext
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.date
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WEIJUNLI
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA