Static task: static1
Behavioral task: behavioral1
Sample: 3c157e526a192ca8c32acc0e3a2cb211_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3c157e526a192ca8c32acc0e3a2cb211_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3c157e526a192ca8c32acc0e3a2cb211_JaffaCakes118
Size: 184KB
MD5: 3c157e526a192ca8c32acc0e3a2cb211
SHA1: 7e2e446e919a1cd9cfd66644d437bab5d6aaf173
SHA256: fcb6a7033eed6abf9d79ece638eefeb3d8721f5ba7e422c0a0a6b8dd7cfb627f
SHA512: bef143162d3c86b63d39ec7f9ddf4e177461fb7cb0b77f9d7ab43ad4e50a6949670d8db7b04830d3c8f6c3833c87377e8e0d95c8eeb7484b86a5b06af23dc99b
SSDEEP: 3072:dW9Z1SkL5NlIxQqRaC/mS8Ooj4pffFBjz1QH3/RSqaAZ:kcGNlzqb/mS8xj4lFBje3/RSqa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c157e526a192ca8c32acc0e3a2cb211_JaffaCakes118
Files
3c157e526a192ca8c32acc0e3a2cb211_JaffaCakes118.exe windows:4 windows x86 arch:x86
3165fcfaaa2ac54465510e7588507883
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsValidCodePage
SetHandleInformation
GetCommandLineA
VerifyVersionInfoA
OpenMutexA
GetVolumeNameForVolumeMountPointA
DeviceIoControl
DeviceIoControl
InterlockedExchange
GetCommandLineA
CallNamedPipeA
GetLocaleInfoA
GetDriveTypeA
VirtualAlloc
LoadModule
ExitProcess
VirtualFreeEx
GetLogicalDrives
EnumSystemLocalesA
ReleaseMutex
CopyFileA
GlobalUnfix
GetCommandLineA
LoadLibraryExA
LocalShrink
DeleteTimerQueueEx
CreateMutexA
WriteConsoleOutputCharacterW
GlobalFix
ws2_32
recv
Sections
.itext Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 160KB - Virtual size: 813KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ