4a9adebc243aa84cf1fd488c3c4d0f51_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a9adebc243aa84cf1fd488c3c4d0f51_JaffaCakes118
Size

278KB
MD5

4a9adebc243aa84cf1fd488c3c4d0f51
SHA1

dc6f95419a91aad45121450002ca3e14cdc53dae
SHA256

6c9b0b1d2c2e3e73be375e66520000b28ad951cf518ace0503eb969f6edf44c8
SHA512

3ced635fef22a0af5d5ea07eac27671335d54605876d6c47d7815b8361cf451fada44dc65ead07ebdd69386132cfa2ce5bf2af00b78c0c9bf58674eb56b22d66
SSDEEP

6144:V/B/KTBkK0I7Wf1aGX5D+urFDXVIzLbChSASePvbRkR8H:xB/KTOE7Wf1tX5DDlFIDySAxbRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a9adebc243aa84cf1fd488c3c4d0f51_JaffaCakes118

Files

4a9adebc243aa84cf1fd488c3c4d0f51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d4d9875393c3604f91a50b6fc82e4b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
malloc
free
strlen
strchr
strcpy
strncpy
strcat

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
HeapFree
HeapAlloc
InitializeCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
WriteFile
CreateFileA
GetFileSize
ReadFile
SetFilePointer
HeapReAlloc

shell32

ShellExecuteExA

Sections

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ