871e25c2311c8fe92fe216b4dccd3cc4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

871e25c2311c8fe92fe216b4dccd3cc4_JaffaCakes118
Size

132KB
MD5

871e25c2311c8fe92fe216b4dccd3cc4
SHA1

3bdc8bbf0579bd454d06ac4595d7bbcbafce2b16
SHA256

604a09490d40185820303a6ca43c57cc1a8a06d2e714fff772bf9e01da02dcc6
SHA512

968f27c6d778f61dbdf49c4e3c48953bc6a7f7b20a2664bf20a7bf77404f37f384a51d9851f242ff9c316a649677ee2b5056ddec41ff74fe9d6018752165a4bd
SSDEEP

1536:d3SVVqwrvUd/bNk8kjc5oJ/s48Qddg6+LByCQRH7mKGUaHrO5F3jV+hPcagsoKRs:d3oyHk45t+f+LBMHNGUa6Xucagso/2G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
871e25c2311c8fe92fe216b4dccd3cc4_JaffaCakes118

Files

871e25c2311c8fe92fe216b4dccd3cc4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7f2b127354c468ce799ab06d26d8277

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
SetConsoleOS2OemFormat
ResetWriteWatch
AreFileApisANSI
MoveFileExA
RegisterWaitForSingleObjectEx
RtlMoveMemory
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

data
Size: 8KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ