59bd227bc38b82dd86dece231049a07f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59bd227bc38b82dd86dece231049a07f_JaffaCakes118
Size

590KB
MD5

59bd227bc38b82dd86dece231049a07f
SHA1

953a511f5fea10f38724e52bb3b8b75aa2585c8f
SHA256

c09822b3c47f74a8892afef1b2ee5a8986c4ec5e65b229eb62f8914511467400
SHA512

fcdcdf8cc04b379d51b71b26147dcffb3d7f8181ce7a461087f79106ba4f8fb8e006c862dc96417057b665b0e29d07df3fef876fa7a6e3e65170db740be14aa1
SSDEEP

12288:ZiWrG8bXVEy5NknODX62PrGKQkY+o8FCwgyU9xltHiatARUjTqeMCYpHgSLb:ZiWrGI5anuX62PrGKddjCwBUOaWmUCGZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59bd227bc38b82dd86dece231049a07f_JaffaCakes118

Files

59bd227bc38b82dd86dece231049a07f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21607682c19f7802c7d98afd746dbe9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Develop\Firstlook\vclient\branches\Stable_branch_2008-02-28\src\carrier\Release\carrier.pdb

Imports

shlwapi

wnsprintfA
PathGetArgsA
PathStripPathA
PathAppendA

kernel32

GetTempFileNameA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
CloseHandle
CreateDirectoryA
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
LoadResource
LockResource
OpenProcess
Process32First
Process32Next
RemoveDirectoryA
SizeofResource
Sleep
WaitForSingleObject
_lclose
_lcreat
_lwrite

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ