2903825c0be7063ddf57cf1e77b2141b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2903825c0be7063ddf57cf1e77b2141b_JaffaCakes118
Size

20KB
MD5

2903825c0be7063ddf57cf1e77b2141b
SHA1

78749dcccb07e56cb528ea6f9a416b7068d471cc
SHA256

888e32057532fce69c64f0b2337e27c60fafc3ef2f586207d7d431f90637249f
SHA512

c3203d9057249f8d2a509d0508af4418761239668b0177b80b2894df6b938d850283e785641c1a9fb1e66d181c4fd0120229625346c19be2c62e832b48c4dc74
SSDEEP

96:hndQTp+s37wQ3GhbtC5RsDWInj+hSxUqkUGz1sZsGzY5A3HSc+NtRBWo9I5m:hdo+K527IDhYU3UGzbgY5KN+jRBWo4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2903825c0be7063ddf57cf1e77b2141b_JaffaCakes118

Files

2903825c0be7063ddf57cf1e77b2141b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9616a94ff0c1dab75a23d9e479edec22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncmp
strncpy
malloc
free
tolower

kernel32

HeapFree
GetStartupInfoA
CreateProcessA
WaitForSingleObject
DeleteFileA
LCMapStringA
OpenFileMappingA
MapViewOfFile
RtlMoveMemory
CloseHandle
GetTempPathA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
GetModuleFileNameA
IsBadReadPtr

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

urlmon

URLDownloadToFileA

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE