Static task
static1
Behavioral task
behavioral1
Sample
4457912a1fd07d0b0f31bc729f6e4a8d_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4457912a1fd07d0b0f31bc729f6e4a8d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4457912a1fd07d0b0f31bc729f6e4a8d_JaffaCakes118
-
Size
40KB
-
MD5
4457912a1fd07d0b0f31bc729f6e4a8d
-
SHA1
6f0191898e6201398086df511e3a07f7d5b4a1b4
-
SHA256
3501a44a75be2c3583282ecf5074972f20e8c2108f1bfbea5934b7955a09c122
-
SHA512
2e0167ddbfeb46ba322ec86da13cea29cde74f1b3526896962c9229b92cff563573d5a6c761984155ab6b9eb559318ff2148e7f4a8460d37efe0fc390b9f9366
-
SSDEEP
768:1bIUO8FSqUaG0IUUiM95Z9QX2oooDkhAy8g7A3b:W/QjIVJ9BQX2oooD+AyxAr
Malware Config
Signatures
-
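Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample has none. On its own this is a weak indicator, since many legitimate binaries are also unsigned.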
resource 4457912a1fd07d0b0f31bc729f6e4a8d_JaffaCakes118
Files
-
4457912a1fd07d0b0f31bc729f6e4a8d_JaffaCakes118.exe windows:4 windows x86 arch:x86
456e62c66423e00201cc148b10b74227
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strncpy
modf
sprintf
_CIfmod
strncmp
_ftol
_strnicmp
kernel32
Sleep
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
IsBadReadPtr
HeapFree
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
user32
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
wsprintfA
MessageBoxA
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ