a3649bf5c3dee713638b60d2862ec153_JaffaCakes118 | Triage

Sharing

General

Target

a3649bf5c3dee713638b60d2862ec153_JaffaCakes118
Size

116KB
MD5

a3649bf5c3dee713638b60d2862ec153
SHA1

d152206eace0b97af9dbb2784f78a718182d0c64
SHA256

2d35df49d17e4eeda126f2cecdfcfaa22a6a9e477103d7efb78bfd25adc201be
SHA512

cec32957a6c66c26e243fea5eb5ea135744fca8058de2fd96fe7cab93c0c662be3decfb79b9d30896981eb7474e16331632a2409e9199075a1129c2380a50aa1
SSDEEP

3072:TLeBYiy4L6peGuF+TkB8JPJI089FzMMwMa/xr/z/J1qFuc:X+0HuF+TkB6z8zzhgv/J1QL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3649bf5c3dee713638b60d2862ec153_JaffaCakes118

Files

a3649bf5c3dee713638b60d2862ec153_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a802a7ad40499cf1f5a7c02df2d6659

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
GetConsoleAliasesW
SignalObjectAndWait
GetDriveTypeA
WinExec
GetConsoleCP
DosDateTimeToFileTime
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetProcessIoCounters
lstrcmpi
IsBadStringPtrW
RegisterConsoleVDM
FreeUserPhysicalPages
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

CODE
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE