Static task
static1
Behavioral task
behavioral1
Sample
599acb14484ca3914e684167e5594e22_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
599acb14484ca3914e684167e5594e22_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
599acb14484ca3914e684167e5594e22_JaffaCakes118
-
Size
8KB
-
MD5
599acb14484ca3914e684167e5594e22
-
SHA1
8dd6900c680b321819fd1c6d9990b9224be15d3e
-
SHA256
f1bbd0a9607c9c58b71a6e6839f694329474cbc83dc8823d200dfb3b8840703a
-
SHA512
5da8a0d41c17c937622b503b86b360856b945a4e5baf6a71b85f2c6b31420253e6c5ed1a687b5648891a9ea13aebb636c85a0352ba2939f9e7eeffccf0d5a475
-
SSDEEP
96:/WNK665jiKD/5PapzStLTCN0IbTLoR/1pjLWKUoynACR:/WI6CTkpKHMJrU1p3/UoynnR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox static check for a missing Authenticode signature; it matched this sample, i.e. the PE is unsigned.
resource 599acb14484ca3914e684167e5594e22_JaffaCakes118
Files
-
599acb14484ca3914e684167e5594e22_JaffaCakes118.exe windows:4 windows x86 arch:x86
ad786290dd3164b8d38f9959aed01d95
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GlobalAlloc
WinExec
GetTempPathA
GetModuleHandleA
GetStartupInfoA
Process32Next
CreateFileA
WriteFile
CloseHandle
GetModuleFileNameA
DeleteFileA
user32
MessageBoxA
msvcrt
strlen
memset
sprintf
memcpy
exit
strncpy
strstr
fclose
fread
fseek
strcpy
fscanf
remove
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fopen
iphlpapi
GetAdaptersInfo
ws2_32
inet_addr
wininet
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
Sections
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ