Static task: static1

Behavioral task: behavioral1
Sample: 8c04d468b0d755a524df962346d77cc7_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 8c04d468b0d755a524df962346d77cc7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8c04d468b0d755a524df962346d77cc7_JaffaCakes118
Size: 137KB
MD5: 8c04d468b0d755a524df962346d77cc7
SHA1: 38456351508b369c38a5b4a1d44203b532228b74
SHA256: 19b43b503fcd9af74a922ccf22c38017c23ef57ae0946554593127cbbbc262fe
SHA512: 4c28cf1b2c32454d980902b3d97cd7cd88d1c3ce1897281ff8da884dc8521a32c3c59fe38cfa1474947e2c08c35fe846c777789fe363737214f51399947eba45
SSDEEP: 3072:EkjlakcOQGu4CUjICOCUliRwuCSAVPg/K1NK6USq91UV/eE4K3YBNP+y:1szvGc+kPGqR1Y3UqK3aNP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8c04d468b0d755a524df962346d77cc7_JaffaCakes118
Files
8c04d468b0d755a524df962346d77cc7_JaffaCakes118.exe windows:4 windows x86 arch:x86
17f9d3874f70039771d815c142ed1a99
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindExtensionA
rpcrt4
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA
user32
PeekMessageA
PostThreadMessageA
SetTimer
KillTimer
GetMessageA
CharNextA
CharUpperA
LoadStringA
kernel32
CreateMutexA
ClearCommError
MapViewOfFile
GetExitCodeProcess
ClearCommError
ExitProcess
CreateProcessW
EnumResourceNamesW
ExitProcess
CreateFileMappingA
GetStartupInfoA
QueryPerformanceCounter
ReleaseMutex
GetModuleFileNameW
Sections
.text Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ