a4899f60f36e02525a6b38de28e24441_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4899f60f36e02525a6b38de28e24441_JaffaCakes118
Size

265KB
MD5

a4899f60f36e02525a6b38de28e24441
SHA1

9e1a2faf5729a863542914ae2e3f2588132be181
SHA256

23f929d930dcb4fab78b15a2a1cf0505cf28bb54ab4992ff0dd0dac6e5f19c2b
SHA512

6383770e0181a1707b78e573ac2fbb2e65919bfa1ee8baae7d3a875bb09f543784cb728fddaf1f26850065cfc5bba00463e1be0d9581db8acb1dc986a4aee040
SSDEEP

3072:XlBhaJTpWK/ydXAhMjJtoni4Rt3LlW31HKeDUNFZZSPg4MnSsMsojzn4bD6aHLFO:WoXPN4Rto31q06IY1MNn4bD5H9xev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4899f60f36e02525a6b38de28e24441_JaffaCakes118

Files

a4899f60f36e02525a6b38de28e24441_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6ec1adcfd26bbeb422c5dce58050490

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayDestroyDescriptor
CreateStdDispatch
SafeArraySetRecordInfo
VarNumFromParseNum

ole32

CoDeactivateObject
BindMoniker
CLIPFORMAT_UserFree
PropVariantChangeType
CoEnableCallCancellation

kernel32

FindResourceA
GetModuleHandleA
VirtualAlloc
GetStartupInfoA
SetStdHandle
EnumResourceTypesA
LockResource
SetConsoleCP
ExitProcess
EnumResourceNamesA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ