a79ccd053c1b82a190b2721c6e4a6064_JaffaCakes118 | Triage

Sharing

General

Target

a79ccd053c1b82a190b2721c6e4a6064_JaffaCakes118
Size

29KB
MD5

a79ccd053c1b82a190b2721c6e4a6064
SHA1

047720a61950346e8439fdcf9f4781aab877540a
SHA256

dc7678e33eb70a24771f4e51e39d1151af1c3181e296fb286795a245d76ad68d
SHA512

396565fe2c392b50404439b6af8789e297b4ba02cecdda3dac289404e239003ffe1f3296abb9f00ac7aeb131d9bfe8aa50efa6aadffea76638b7d2b61d1cc122
SSDEEP

768:NedvKvvE0Bs7cYhiFw8ih4jSFcVH7564/dT:CaEcf2ph4jSSHl64/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a79ccd053c1b82a190b2721c6e4a6064_JaffaCakes118

Files

a79ccd053c1b82a190b2721c6e4a6064_JaffaCakes118
.exe windows:5 windows x86 arch:x86

69554cd2a6527aebaadd24b6c769fd05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
_controlfp
_adjust_fdiv
_except_handler3
__setusermatherr
__p__fmode
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_write
_c_exit
_initterm
__p__commode
strchr

kernel32

LocalFree
FormatMessageA
GetModuleHandleA

lprhelp

GetShortQueue
CloseLPR
GetLongQueue
OpenLPR

user32

CharToOemBuffA

Sections

_kelly_
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ