Static task
static1
Behavioral task
behavioral1
Sample
739edd60a7f42117633973fb2487b452_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
739edd60a7f42117633973fb2487b452_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
739edd60a7f42117633973fb2487b452_JaffaCakes118
Size
144KB
MD5
739edd60a7f42117633973fb2487b452
SHA1
baa8c48e1e0ac95da2aabce7a5d37cd7351264ec
SHA256
ba0aa710e82ec50091ac7e3aaf3e4a32e05ec8ee633e6e04d0629f233858135f
SHA512
62aaba9d5e0882aecdffa7514d2236b979e6316c1906f7626be004da7b82d8863aacb25e838c870c4b686c8da8268e43a0bb1000281f2ee7c7370773a807f2ed
SSDEEP
3072:tcRJExqikoJZDx4UeNGl1e92CDyGms+KM1gFV/m3C:tG8qinuUeNGlQg0JLNYgPm3C
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 739edd60a7f42117633973fb2487b452_JaffaCakes118
Files
739edd60a7f42117633973fb2487b452_JaffaCakes118.exe windows:4 windows x86 arch:x86
d92be5222539f709e25aec824cbf2077
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PeekMessageA
CharNextA
KillTimer
CharUpperA
GetMessageA
PostThreadMessageA
SetTimer
LoadStringA
rpcrt4
RpcBindingSetAuthInfoA
NdrClientCall
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcStringFreeA
kernel32
ClearCommError
CreateFileMappingA
ExitProcess
GetStartupInfoA
ClearCommError
CreateProcessW
ReleaseMutex
EnumResourceNamesW
ExitProcess
CreateMutexA
QueryPerformanceCounter
GetExitCodeProcess
MapViewOfFile
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ