68f2b459d08c9f9f9e43127c5a4509a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68f2b459d08c9f9f9e43127c5a4509a5_JaffaCakes118
Size

133KB
MD5

68f2b459d08c9f9f9e43127c5a4509a5
SHA1

d6b3b8f79c6b1b523670a5054f64ba7c1bc6a955
SHA256

360e12e165f80c43b5753db27465f540ab71ee5b9beae8a1990a2c7e06973b80
SHA512

67d55d9a97033c8b214e8b169dd92224ca5dd316a76b36c48f3610d6e501a31a9ecbed43ed92332b903f8872739aee8e1a5e973576065d738232e270d2d8306c
SSDEEP

3072:414PRPSvPN1xtPTGgYNHzswuDgHIaRDpNkvvRHNweT0C86/Ig4E:sEQvP7Gg6u6IaSjDX8E4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68f2b459d08c9f9f9e43127c5a4509a5_JaffaCakes118

Files

68f2b459d08c9f9f9e43127c5a4509a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f58fd5d583f7d88e0aa682547433283d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFromStringBindingA
NdrClientCall
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcStringFreeA

user32

KillTimer
CharUpperA
SetTimer
GetMessageA
PostThreadMessageA
PeekMessageA

kernel32

ClearCommBreak
ExitProcess
ClearCommBreak
GetStartupInfoA
EnumResourceNamesW
ExitProcess
CreateProcessW
QueryPerformanceCounter
GetExitCodeProcess

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ