a4c09c32deccf71c0c16f00a15c57771_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4c09c32deccf71c0c16f00a15c57771_JaffaCakes118
Size

108KB
MD5

a4c09c32deccf71c0c16f00a15c57771
SHA1

315322b15e7ca024aa5620af6a60deff5c67bd19
SHA256

047bb3191ec99680baad5805d90ebd644b023bfab280855077680abc171b07fe
SHA512

d87d35c289cb2cfe7df5b0403ed77b8c2f7b377082675847cb0a06bd88ec7b3ec28a39e945e38b5da8d317e865202e8e0ad2e9ebdb88f0d1107aa7f675e18e39
SSDEEP

3072:KWpMf/Pd013zJ8AtDGTfyUv3tqmWfs9aUrP449Y+A7YnZzrvYp0tEyN1lNNiZ:KWr/nisp0tE21EZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4c09c32deccf71c0c16f00a15c57771_JaffaCakes118

Files

a4c09c32deccf71c0c16f00a15c57771_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc806b2e6d1c2ee22058596f3d1eb981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
IsValidLanguageGroup
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree

advapi32

ImpersonateSelf

wininet

InternetOpenA

shell32

ShellExecuteA

dbghelp

SymInitialize
StackWalk
SymGetSymFromAddr
SymFunctionTableAccess

Exports

Exports

_NDQRU@0

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ