48cc6e177fb2d3c8c77b6de522d998a6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48cc6e177fb2d3c8c77b6de522d998a6_JaffaCakes118
Size

368KB
MD5

48cc6e177fb2d3c8c77b6de522d998a6
SHA1

6aa42dd39aca9483af83ab5ea1a3a0cfe952ac30
SHA256

6c030c365d10780e1b08a01e33942bf3e541e4b1a65d75bbba33326837e3bf2c
SHA512

d8af5b8f90b0fa81213a6fea7de023ec37372add7c3b689ed508eea2a66063bb05da9cde47ea52dfa07c1e50700d558cd7ee31f9614ecfe3ae0608c98daceed1
SSDEEP

3072:C/JVfLSpYfwhf6xc1Y9lqX9sf8ZVT2YhSsU/kp+2tAavxLTqvV6KP1kIR5:ChlLSifwIx8tVTFUs82tppPKUKN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48cc6e177fb2d3c8c77b6de522d998a6_JaffaCakes118

Files

48cc6e177fb2d3c8c77b6de522d998a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5fd495885c6d48260c92fe1e1433d8d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
GetTempPathA
GlobalAlloc
CloseHandle
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
CreateProcessA
GlobalFree
lstrlenA
DeleteFileA
GetExitCodeProcess
Sleep
lstrcmpA
GetCommandLineA
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount

user32

CharLowerA
wsprintfA

shell32

ShellExecuteExA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ