29eb44e3803ce2a25dce56720ec35ed0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29eb44e3803ce2a25dce56720ec35ed0_JaffaCakes118
Size

20KB
MD5

29eb44e3803ce2a25dce56720ec35ed0
SHA1

b0a7a2d68cef4754814f4dbb737ce36ae7e6aab3
SHA256

d6900fc02fe4cd807b00e921534b6d6e7572a80259f267b0c6d2fddbd4a217e3
SHA512

d16495c4ab2e48456a0134208a7357bc57798fa0128cbc1f0fc4e4fc60fc8d5b10d2cc5cc6e9a1b96976c604ae9621a36bf648a1115274149b3b2eed629efbe7
SSDEEP

96:NcyoYeiUkT43YLovlEHShcCvtdXVFSUvTCmoy0ev1P4WmBT/WZzhx:ayoSL6lfOC3HlCmoyXCWmBT/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29eb44e3803ce2a25dce56720ec35ed0_JaffaCakes118

Files

29eb44e3803ce2a25dce56720ec35ed0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fc6e3c438e6d60990a7c9549f8eb9aa2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_DeleteFile@4

autowiz

DoAutoPilotWithTracefile
DoAutoPilotWizard

pfutil80

??1CSharedMemory@@UAE@XZ
?MeFirst@CSharedMemory@@QAEHXZ
??0CSharedMemory@@QAE@IPBG@Z
?Lock@CSharedMemory@@QAEHXZ
?Unlock@CSharedMemory@@QAEHXZ

msvcrt

?terminate@@YAXXZ
exit
_wcmdln
_XcptFilter
memset
__CxxFrameHandler
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
wcscpy
wcschr
_except_handler3
_exit
_adjust_fdiv
__setusermatherr
__wgetmainargs
_initterm
_controlfp
__p__commode
__p__fmode
__set_app_type

kernel32

GetStartupInfoW
GetModuleHandleW

Exports

Exports

??0CSharedMemory@@QAE@ABV0@@Z
??4CSharedMemory@@QAEAAV0@ABV0@@Z
??_7CSharedMemory@@6B@

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE