4baf807e0a45c6cb7114dbc83a8d4a6d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4baf807e0a45c6cb7114dbc83a8d4a6d_JaffaCakes118
Size

165KB
MD5

4baf807e0a45c6cb7114dbc83a8d4a6d
SHA1

6db6674eec84e60beb3004abc52f9c316c122464
SHA256

36bba2998433ee043a2bc8e08b3b40fa5baed04d89912f8706f2a62bae7fa260
SHA512

bc97e68e5e793b89d76a7281a0bd184f7bf6ab7ccb41937925f6c1fd1023f2c4b5ccd5652e96d72f7e72698907d760dca73e5c8f7172998cfc6db8d9e17b49dd
SSDEEP

3072:ryJLYzYSyupMfJGvC4FJMRTOriMG3Xel9pWCvS722I91mcDSOpa9ZvhJq9Spesjw:eVYMSnpMfJGvCW0TsiMGHSPWCvN2y4kV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4baf807e0a45c6cb7114dbc83a8d4a6d_JaffaCakes118

Files

4baf807e0a45c6cb7114dbc83a8d4a6d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab193ef35650198e5d1f70d4801fa250

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_exit
__dllonexit
_onexit
sprintf
srand
rand
malloc
strtok
atoi
free
fopen
fclose
_adjust_fdiv
_controlfp

kernel32

GetModuleFileNameA
GetCommandLineA
CreateFileA
WriteFile
CloseHandle
GetTickCount
Sleep
OutputDebugStringA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
DeleteFileA

user32

MessageBoxA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE