32411825f0a14c9148e75ca48a34fda9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32411825f0a14c9148e75ca48a34fda9_JaffaCakes118
Size

43KB
MD5

32411825f0a14c9148e75ca48a34fda9
SHA1

c43eb3e6f8719be3d28b36a87da12aeb85b82f0a
SHA256

69fb8c7cf194624f1df25e698465d7801d5ed6d9b7d20537bfbb4d6414411de9
SHA512

309a9eeefeb22a9a409e9e63d05181fcd5fa918c7ed059af8a4c26042dd492bb77a97d2b502b130e96bacf6b5c4368479758d9fcd3089754670a3dd6d52980ca
SSDEEP

768:I7GyNAKI4POhJoyc//ly14HqA/CmrwV/afh5SURn:ZrKbPkJomuHq8CSRPbn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32411825f0a14c9148e75ca48a34fda9_JaffaCakes118

Files

32411825f0a14c9148e75ca48a34fda9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6510646d71558ffb026e1eab6b2f66cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
FreeLibrary
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
IsBadReadPtr
LoadLibraryA
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect

msvcrt

_stricmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
free
memcmp
memmove
realloc
signal

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE