37228ed54fa8218c86e146b8fa1b6c57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37228ed54fa8218c86e146b8fa1b6c57_JaffaCakes118
Size

20KB
MD5

37228ed54fa8218c86e146b8fa1b6c57
SHA1

b1c4f03f67bac614eee07b4f6b439f148f63c9bb
SHA256

2d458ccc3a5cda015e51bf9e4b4154659a8d4b3b43c6537eb51be8e9426dd521
SHA512

4ddbf7570be9e3c3d5b9f16aa3c4f143fdeed043fdc1afc73a427409165c42f10bdf34427ee6a0bae6986bdca14421cbb3420ddab06e65fc98ea21d9a760957c
SSDEEP

96:pFOGjdQN1SoTPtyr2AavaYU1si7qe4JEcJymbW/Ptboyn+c5t84B757wwwoS/E4c:pUGOHYr2Aajge3ymqP1oynr5iq21P4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37228ed54fa8218c86e146b8fa1b6c57_JaffaCakes118

Files

37228ed54fa8218c86e146b8fa1b6c57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3aea3a68913b4f987c3f47c0d6037be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
lstrcpyA
RemoveDirectoryA
lstrlenA
ExitProcess
SetFileAttributesA
GetFileAttributesA
MoveFileA
CreateProcessA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
lstrcatA
CloseHandle
WaitForSingleObject
OpenProcess
ReleaseMutex
MapViewOfFile
GetLastError
CreateMutexA
OpenFileMappingA
UnmapViewOfFile
GetExitCodeProcess
CreateDirectoryA
GetWindowsDirectoryA

user32

SendMessageA
wsprintfA

msvcrt

__setusermatherr
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
exit
strtok
_acmdln
_XcptFilter
_exit

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ