64984165000b64b4bd1d611a8ac43774_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64984165000b64b4bd1d611a8ac43774_JaffaCakes118
Size

164KB
MD5

64984165000b64b4bd1d611a8ac43774
SHA1

c79bb5d0a20b7b984415e4f5a6d200e84c34102e
SHA256

0d401a53168f610a7c45ff329137cf2a3e2c6fe11e0fa82166574acfd971079c
SHA512

2c469e6cc3564abb30712c67cb94765fbfad5e4a90f863641df74025e684ff15c587721e23d8e2c170fe35016f595d8534935c044c954c692d3ee91373ed05cd
SSDEEP

3072:bBk6CUZGtTBfsdJQzloe73vGRWb3R8TWj4e3tnVA5bcJcr:bBk6XZGtTBOJ+ltKRW98I4It+Vcyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64984165000b64b4bd1d611a8ac43774_JaffaCakes118

Files

64984165000b64b4bd1d611a8ac43774_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c9d4e2dd3f8bf82e5ceaccae4b6d66b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
CloseHandle
WriteFile
CreateFileA
GetTempPathA
GetModuleFileNameA
Sleep
GetTickCount
FlushFileBuffers
ReadFile
GetFileSize
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

sprintf
memset
strrchr
strcpy
??3@YAXPAX@Z
strlen
strchr
__CxxFrameHandler
strcmp
malloc
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memcpy
??2@YAPAXI@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ