4bc4fafdc7118c14f1852ed769fd38bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4bc4fafdc7118c14f1852ed769fd38bd_JaffaCakes118
Size

19KB
MD5

4bc4fafdc7118c14f1852ed769fd38bd
SHA1

fe479fd4fb93a55848dc57ab8bce2238a1cbd9b2
SHA256

a3ab07885fd1d85db040fb3aaa501140e5a7f270211ecba984352e33439890be
SHA512

d517544d7474b43336614796f575aa186ed0f48d2e69bb1ba152ec4a5a932bf47cf3f480795be095ccbdef466d867bf1ec612591a7f6e7116b7c7f2af2d8e735
SSDEEP

384:D2A9G34C0UCqq3lfxcYCl/Uidy9ajxcYCl/Uidy9a:aA9G34CuqecYC1dygcYC1dy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bc4fafdc7118c14f1852ed769fd38bd_JaffaCakes118

Files

4bc4fafdc7118c14f1852ed769fd38bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8fc0b7062721eac531cd911955e3ecc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
lstrcatA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
exit
fclose
fopen
fread
free
fscanf
fseek
ftell
fwrite
malloc
memcpy
signal

shell32

ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE