5f3823e6d166df75a87b6fb7c7761895_JaffaCakes118 | Triage

Sharing

General

Target

5f3823e6d166df75a87b6fb7c7761895_JaffaCakes118
Size

140KB
MD5

5f3823e6d166df75a87b6fb7c7761895
SHA1

2a0b0c5f0d6b885a9f3765e1241bcf0e6819784e
SHA256

5a9e731940d7edf2112ab6af27ebef0e23a688fe3038aa966af7c9f0b5742abd
SHA512

164e3532b3e4dc1d6658ee19fd8840f2c795a89d65dfc8cc623b4241a18fc77cadf5a2806602ffbf2e212a39e58137b0f85062926b9fcc658cab295d228393e6
SSDEEP

3072:yopqQaxMmYX+0W/tc1Xqt9w1FLrA1EzDfldVQpBM5nFK51:yOqvi9X+Rtc1i4Jm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3823e6d166df75a87b6fb7c7761895_JaffaCakes118

Files

5f3823e6d166df75a87b6fb7c7761895_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70ba93614dd0d7e56f4448e2c8f71489

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5856
ord6648
ord860
ord6663
ord6877
ord537
ord941
ord540
ord2614
ord800
ord823
ord2915
ord825

msvcrt

_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??1type_info@@UAE@XZ
strstr
_CxxThrowException
_except_handler3
_vsnprintf
__CxxFrameHandler
_XcptFilter

kernel32

LoadLibraryA
CreateThread
GetTickCount
GetModuleHandleA
GetStartupInfoA
GetProcAddress

Exports

Exports

ExitApp
InitApp

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ