Static task: static1
Behavioral task: behavioral1
Sample: ad0c707e91e7c2ad43738659d5c0f331_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: ad0c707e91e7c2ad43738659d5c0f331_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ad0c707e91e7c2ad43738659d5c0f331_JaffaCakes118
Size: 143KB
MD5: ad0c707e91e7c2ad43738659d5c0f331
SHA1: d72945b50d8f0924377d57c37a693c8093fec8fe
SHA256: 1705426f236d92ea1def7a4661ca9b3ebc2fcaf5288ba4823a450f35cc33927b
SHA512: 87e14446da96addf1e28d15b65b46d3d59f0971426b9905645e3891b0c423607030155a36319833ad7f8712a913aaf161ee4919e369f85582b8df6a46814698c
SSDEEP: 3072:fMwacOe2B6w2fdtD2uiv91P2Us9vC3EUwxN8ey/ZWTr/ceT4TRzvvH+wV1kFm0:fB3tXD2F11P2VtC3ErAYTr/ceT4TRbvY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad0c707e91e7c2ad43738659d5c0f331_JaffaCakes118
Files
ad0c707e91e7c2ad43738659d5c0f331_JaffaCakes118.exe windows:4 windows x86 arch:x86
bfcf69a7e46be2c863120d8b6b5a0c42
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindExtensionA
kernel32
ReleaseMutex
ClearCommError
GetStartupInfoA
ClearCommError
QueryPerformanceCounter
ExitProcess
EnumResourceNamesW
CreateMutexA
ExitProcess
CreateProcessW
GetExitCodeProcess
CreateFileMappingA
MapViewOfFile
GetModuleFileNameW
user32
GetMessageA
SetTimer
CharUpperA
KillTimer
PostThreadMessageA
CharNextA
PeekMessageA
LoadStringA
rpcrt4
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringFreeA
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ