Static task: static1
Behavioral task: behavioral1
Sample: 3249b5aa57cd30904e2baa6a4bfca0e2_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3249b5aa57cd30904e2baa6a4bfca0e2_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 3249b5aa57cd30904e2baa6a4bfca0e2_JaffaCakes118
Size: 5.2MB
MD5: 3249b5aa57cd30904e2baa6a4bfca0e2
SHA1: 82554fad5551110db21c14a6c94911281b77217a
SHA256: 8eadd2610fce2da6fc573c643841555bef85737e126d1ecbcc4c3ff5b04b8b3e
SHA512: 53eb6b0f0ac04b309d607cd73dd520002c33b50958e0e7233e173e1e9f7b3770e0a2fb2fa7daa6a7cd17585cc463004ddd1be794e7be6c7cbd89048270a83ffd
SSDEEP: 98304:gqtEJTiSMpX7vh2hWpHEdy3QEEJJeH9dq1IMAcEva9ew+pdGZQpu6MLSrQ4L1:gMzz7vcQK5EEJarq1IDv0ew+mupPMyQ4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3249b5aa57cd30904e2baa6a4bfca0e2_JaffaCakes118
Files
3249b5aa57cd30904e2baa6a4bfca0e2_JaffaCakes118.exe windows:4 windows x86 arch:x86
674679242dda5a09e3a20205a7c08a83
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
LoadStringA
kernel32
HeapAlloc
lstrcpyA
CloseHandle
CreateFileA
CreateProcessA
ExitProcess
FindResourceA
GetCommandLineA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
GetTempPathA
lstrcatA
HeapFree
LoadResource
LockResource
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrlenA
shell32
ShellExecuteA
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ