4b6d9611155de12b22585e6e980e6c21_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b6d9611155de12b22585e6e980e6c21_JaffaCakes118
Size

394KB
MD5

4b6d9611155de12b22585e6e980e6c21
SHA1

546890e2bfd83a5041703295e6b5599949ee24a1
SHA256

65f27eabfd0e30240561b5230d1356af1dec4829aa50b36f9d5e6b53240ef683
SHA512

2806f19aec16fc156185e93b94886e2207edd422130c94d34cca708561f2494218daac0e6544ce8ef920cecedc0bcc0fb6986fa639f9d904f949c9d6fdb8e4a9
SSDEEP

12288:xUsMke1UWn+XGHLdrYxMoX8chXhnuolxdLas7:xtMkeFn+X0NoschXtusdLas7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b6d9611155de12b22585e6e980e6c21_JaffaCakes118

Files

4b6d9611155de12b22585e6e980e6c21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d4ff4e9520d2b9d618be12fecec0c0ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
DeleteFileA
Sleep
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LockResource
lstrcpyA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA

lz32

LZCopy
LZOpenFileA
LZClose

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ