47d4a0db39c1d0caedce0ed1d1fe0d68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47d4a0db39c1d0caedce0ed1d1fe0d68_JaffaCakes118
Size

4KB
MD5

47d4a0db39c1d0caedce0ed1d1fe0d68
SHA1

03c7fd5ef694ec73800c0b52682ece6408f3d9c1
SHA256

42c3172e19f6b9df3e3a20e9244927b4d8fcaf477217a454adf6f8e3b8ad6e06
SHA512

90a539b710e479a7d9a7b0ad5f4296003a41c321ad8de7f2c1be3b0f10ae31ffa5d16d7218d4a00f5d8729a27fcf689947f44f49e426487e3a47728216d7a5df
SSDEEP

48:iIP+69dE7mzS7LhA5Y3A1BeABhectBfhDp++z:ZPTFzY+K3OBe4LdVp+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d4a0db39c1d0caedce0ed1d1fe0d68_JaffaCakes118

Files

47d4a0db39c1d0caedce0ed1d1fe0d68_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2f4733d2276f8baa10b9ff57b82b539

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
lstrlenA
lstrcatA
DeleteFileA
GetModuleFileNameA
LocalFree
WinExec
CloseHandle
WriteFile
CreateFileA
GetSystemDirectoryA
LocalAlloc
GetCurrentProcess
IsBadCodePtr
ExitProcess
LoadLibraryA
InterlockedIncrement
GetVersion

user32

IsWindowVisible
wsprintfA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE