5f50fc436ccb1107749e18eebaab2859_JaffaCakes118 | Triage

Sharing

General

Target

5f50fc436ccb1107749e18eebaab2859_JaffaCakes118
Size

65KB
MD5

5f50fc436ccb1107749e18eebaab2859
SHA1

d4a8878f55a553a9e301b36deeaea2189e462604
SHA256

6959d8551ea0b818e4d33755b6165511f315ac6f8c10bb6e7065e0215411e6c9
SHA512

43e29f504705681df5f594d6f4df8d54821308ee40dfd29b96acff1a01196bad7c712088ce4b3095c9960445cd13a22fdbaecffe313e537563a6957a02816706
SSDEEP

768:pT6E+wGYUdEgCU6hx8qPHXz2T/8eYDeXxZx5fDOQeEEjiqd66K36Y:ppo7d9CU6QqP38/8qb6QKuqdU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f50fc436ccb1107749e18eebaab2859_JaffaCakes118

Files

5f50fc436ccb1107749e18eebaab2859_JaffaCakes118
.exe windows:1 windows x86 arch:x86

454c4a00136ac2a86c44b0f41239dbc8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetConsoleMode
LocalAlloc
CreateFileMappingA
VirtualAlloc
SetEnvironmentVariableA
GetEnvironmentStringsW
IsBadReadPtr
GetVersion
LoadResource
SearchPathA
GetModuleHandleA
CreateFileA
FreeEnvironmentStringsA
GetCurrentProcessId
GetStartupInfoA
GetProcessWorkingSetSize

msvcrt

_initterm
_XcptFilter
ftell
_except_handler3
isxdigit
memcpy
_mktime64
__p__commode
mbstowcs
_sys_nerr
_adjust_fdiv
_fputwchar
_fpclass
_lseek
__getmainargs
_beginthreadex
_fgetwchar
_findfirsti64
_vsnprintf
_lseeki64
_exit
_wpgmptr
_cwait
islower
__set_app_type
_scalb
_rotr
__setusermatherr
__p__fmode
_adj_fptan
fwrite
exit
_acmdln
_controlfp
iswdigit

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ