Static task: static1
Behavioral task: behavioral1
Sample: 370d9fdf89fb76a5913f474e59568260_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 370d9fdf89fb76a5913f474e59568260_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 370d9fdf89fb76a5913f474e59568260_JaffaCakes118
Size: 144KB
MD5: 370d9fdf89fb76a5913f474e59568260
SHA1: 0bfa769a1af2b522eadc621d5f10b78424de0f88
SHA256: 02b5414c88c212f444ac0bf3dc34a7e19a57bdc31343324d75809ec529c4789b
SHA512: 209cc3cead3271ab5f79d873a80586bd335e517bd3169498cff97f2fda417e01ad82559a456c8e3d9180d4eb5e042ed349a2509d960382d6e145e4baa49cdb49
SSDEEP: 3072:QyMjxdqIHIOlhO90Vm4rEBIsMvLN+bHD1WcZq8gYfhqrWvE:7CXqIHIOLO49sMJUW8FSP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 370d9fdf89fb76a5913f474e59568260_JaffaCakes118
Files
370d9fdf89fb76a5913f474e59568260_JaffaCakes118.exe windows:4 windows x86 arch:x86
16a68c2369a0d77aca25be106c80591f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
RpcStringFreeA
user32
SetTimer
CharNextA
PeekMessageA
CharUpperA
GetMessageA
PostThreadMessageA
KillTimer
LoadStringA
kernel32
ClearCommBreak
GetStartupInfoA
ReleaseMutex
ClearCommBreak
CreateMutexA
ExitProcess
EnumResourceNamesW
CreateProcessW
QueryPerformanceCounter
ExitProcess
GetExitCodeProcess
CreateFileMappingA
MapViewOfFile
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ