ab038de1a26e60b5d34b71c7a2977831_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab038de1a26e60b5d34b71c7a2977831_JaffaCakes118
Size

604KB
MD5

ab038de1a26e60b5d34b71c7a2977831
SHA1

f0a35f0cffff36c66e7086ddf0cd679d3506da31
SHA256

303114ee33ae54c9e2a062722dcad59174695c9fdaa40239543292bc7775e747
SHA512

b3f5fb380b01a4e8ded3a236c3b360112f4c7ab6591e26b850bb47120e930308587b19766d58d2b39d93f3545efb9972bd76642d91835d41f216f150c305de90
SSDEEP

12288:FWGZiIjxrP0ISNjsLfpoMROVESS0SXLF62XT3j5Z3pEsF5Zh:FC2xraNgpoMRKSXLv9Esz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab038de1a26e60b5d34b71c7a2977831_JaffaCakes118

Files

ab038de1a26e60b5d34b71c7a2977831_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d4ff4e9520d2b9d618be12fecec0c0ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
DeleteFileA
Sleep
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LockResource
lstrcpyA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA

lz32

LZCopy
LZOpenFileA
LZClose

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ