Static task: static1
Behavioral task: behavioral1
Sample: 415aa6e7e9ac11c8b94d1c0934aa09f8_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 415aa6e7e9ac11c8b94d1c0934aa09f8_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 415aa6e7e9ac11c8b94d1c0934aa09f8_JaffaCakes118
Size: 312KB
MD5: 415aa6e7e9ac11c8b94d1c0934aa09f8
SHA1: 05e85689981c0135ba742c0daa145bc71651080d
SHA256: 96adc9857ef84e253c2ede3177c41a6eabc01cc44860a2d1b8021936024da8e1
SHA512: 33659a6c99cdd87faf0376c178f5ffbb91794460c043f75b1532cdc7c688973b052af12fd61b3f21aac3959f58ef8d3370b78cf801b5a46ef1084806cdf29000
SSDEEP: 6144:guXf4+J7qxy7Cy7e9Upyj/cjiaIpH271ODuePOwQdHWO4LX:guXBLey7e9Upy3H2MVOJdD4LX
Malware Config
Signatures
Unsigned PE: 1 IoCs
Checks for missing Authenticode signature.
resource 415aa6e7e9ac11c8b94d1c0934aa09f8_JaffaCakes118
Files
415aa6e7e9ac11c8b94d1c0934aa09f8_JaffaCakes118.exe windows:4 windows x86 arch:x86
78b6cf3a4e46382b1939327fd43f76a1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
GetCurrentProcessId
GetProcessHeap
GetVersionExA
TlsSetValue
HeapSize
GetTickCount
HeapDestroy
WriteFile
VirtualFree
CreateFileW
GetFileAttributesA
GetFileSize
WideCharToMultiByte
GetCurrentProcess
DeleteCriticalSection
SetEvent
GetCommandLineA
GetLastError
GetCurrentThreadId
GetCurrentThread
GetVersion
GetModuleHandleA
ExitProcess
HeapAlloc
lstrlenA
GetStartupInfoA
msvcrt
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_strcmpi
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 305KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ