aabad96b5b9163ce97a67080cf25a1d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aabad96b5b9163ce97a67080cf25a1d8_JaffaCakes118
Size

4KB
MD5

aabad96b5b9163ce97a67080cf25a1d8
SHA1

50134ca15de028dbf4c1052819194eafaf9e6a26
SHA256

9df9de336abf94b3622f82c366a1c9a907d468ac9b1d70825a8adf89ec475ff5
SHA512

a715c37b3cd21ae1e2716e20a1c6ffafc19cd82b5153152109efc9015faddc8874c4eada43d6e9e5d63cef2206618647e9881c2f3e63a25882503411a6b9e874
SSDEEP

96:5dPpYbvci635M6biYFx6DDNZEFEiBVTm:5VplR33IDNqnBVT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aabad96b5b9163ce97a67080cf25a1d8_JaffaCakes118

Files

aabad96b5b9163ce97a67080cf25a1d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4830c54e1f3fd01df6ec9d56d0f71bb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

strcat
strstr
strcpy
_splitpath
memcpy
_itoa
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA

kernel32

lstrcpyA
DeleteFileA
GetVersionExA
FreeLibrary
lstrcatA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetComputerNameA
lstrlenA
lstrcpynA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetVolumeInformationA
FindFirstFileA
FindClose
FindNextFileA

user32

CharLowerA

advapi32

CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE