4d44e111b074dd30848c9aa87b79e29b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d44e111b074dd30848c9aa87b79e29b_JaffaCakes118
Size

287KB
MD5

4d44e111b074dd30848c9aa87b79e29b
SHA1

44eeb102cd42989d046bfef60274638405cdee85
SHA256

8777f337a5836b38655f6e8b4d0db7b64317da378655552d1626ed38ab80cc3b
SHA512

6242323b68b45682d47738137d3e2dda9566e4b8445dfde8d9659bfa27c783c32dfb60d0b1a2fd2b145c8706df3021b319fe0a604f7d853f616e5745869f0093
SSDEEP

6144:F5OXfPdaXaZnhlHtJ2L5apxzB0NPXQwO1SGF8D56OZ4QsdJj9W2g7gVa:FUvPIXaFDtwL5YpB0Vm1SgC6OZ4QsdJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d44e111b074dd30848c9aa87b79e29b_JaffaCakes118

Files

4d44e111b074dd30848c9aa87b79e29b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a2e6b20d69b05f1e355753e39d4d6db2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetAtomNameA
GetCurrentProcessId
HeapReAlloc
UnhandledExceptionFilter
RtlUnwind
GetCPInfo
InitializeCriticalSection
GetDateFormatA
SetStdHandle
FreeLibrary
WriteFile
GetTimeFormatA
GetOEMCP
TerminateProcess
IsValidCodePage
GetLocaleInfoA
EnterCriticalSection
HeapSize
EnumResourceNamesA
LeaveCriticalSection
SetFilePointer
GetSystemTimeAsFileTime
VirtualAlloc
GetConsoleOutputCP
GetACP
GetStringTypeW
MultiByteToWideChar
WriteConsoleA
GetCurrentProcess
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException

rpcrt4

RpcStringFreeA

shlwapi

SHCreateStreamOnFileW
PathIsContentTypeA
SHCreateStreamOnFileEx
PathIsFileSpecA
PathAppendA
PathCreateFromUrlW

Sections

.text
Size: 147KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ