29004a5f6fa817c3d090a6b4c331d4c5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29004a5f6fa817c3d090a6b4c331d4c5_JaffaCakes118
Size

84KB
MD5

29004a5f6fa817c3d090a6b4c331d4c5
SHA1

5c2f2f5e96dd40197e011ec6d36845bfc53710de
SHA256

7fd729741f1422bdb5fe4c5115cc6686d683ad3e658826a49dc4830fe2c8ab8a
SHA512

d55969ebd2d88679d861bc5a106410d465c4221c8246770e3124943bd611b435b20c1f98caad19c66d58fe02d5bb3595983c681bddd20e2f463f63f84f497f97
SSDEEP

1536:3n/oYXOfmkND1iCCUcl55PJalegbgCgUYx34XsMMDzf884noA:3/oRLN1ihHl5JJqegECgUK34Xkzf8843

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29004a5f6fa817c3d090a6b4c331d4c5_JaffaCakes118

Files

29004a5f6fa817c3d090a6b4c331d4c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1b1d470695815e5d2859c5f33b4954e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
FindFirstFileA
FindClose
FindNextFileA
FreeLibrary
HeapFree
ExitProcess
HeapReAlloc
HeapAlloc
Sleep
lstrcpyA
GetProcessHeap
GetProcAddress
LoadLibraryA
GetLastError
lstrcatA
GetModuleHandleA
lstrcmpA
GetModuleFileNameA
GetCommandLineA

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE