3ac47409406a8b05248fcc5ab0e98e23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ac47409406a8b05248fcc5ab0e98e23_JaffaCakes118
Size

69KB
MD5

3ac47409406a8b05248fcc5ab0e98e23
SHA1

6f202954fc42ca3c99aa6512cac3cd7f8832172c
SHA256

50096bfe064e78b31ff740145adf17d404231ed6f9bd1c223e13c05209b2623a
SHA512

7ad0e2cd6158e1d23b374be81cc01c2562082f54d516f4c6916fe72c00122b245b2fed9101c2a327547533c750a9f8d04ad711ac3c5b602ba028f2e85c9847a8
SSDEEP

1536:3AmYpv8O8yrXFDsBqqmx9gDh7QZF8otV1B8Y:3KN1DsRSvb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ac47409406a8b05248fcc5ab0e98e23_JaffaCakes118

Files

3ac47409406a8b05248fcc5ab0e98e23_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee09fa20ad18b29b03db3526191ccbfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
EraseTape
GetCommConfig
FillConsoleOutputCharacterA
GetCurrentThread
BackupSeek
GetWriteWatch
ReadFileEx
FoldStringA
lstrcmpiA
RtlFillMemory
GetCommandLineA
GetStartupInfoA
ExitProcess
InitAtomTable
SetConsoleNlsMode
GetTimeZoneInformation
GetLargestConsoleWindowSize
DeleteCriticalSection
WriteConsoleA
FoldStringA
GetDiskFreeSpaceA
GetConsoleAliasExesA
ScrollConsoleScreenBufferA
SetConsoleLocalEUDC
SetEndOfFile
GetOEMCP
GlobalDeleteAtom
RtlFillMemory
OpenThread
SystemTimeToTzSpecificLocalTime
TransmitCommChar
LocalFlags
HeapUnlock
SetConsoleNlsMode
CommConfigDialogA
WriteProfileStringA
AllocateUserPhysicalPages

Sections

WEIJUNLI
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.date
Size: 46KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ