abd8cba2e71042d9561f8cd7a8a6625c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abd8cba2e71042d9561f8cd7a8a6625c_JaffaCakes118
Size

6KB
MD5

abd8cba2e71042d9561f8cd7a8a6625c
SHA1

5e2c3a6808b466b0f9538b88e2450802a168eda4
SHA256

9f7c9dc8994fc3c9d3404c0f423f32d70e7e62a58ff6b558734f5bb1af5d8d67
SHA512

086cca5828149ca768c86ff34c67525f8a9d2455dafb922b2e730c4c73fc4e158d8e634d84023e0c5edaf06c097a0e5338deddfdb64a2b7662f4f83033433f71
SSDEEP

96:YnaeJ7rJNh0vjcSRamOKY/Jw5+lAbMMM6mQNHsWwt44HqE:Yn5J7tNqrHR3OKY/JwsCbM2LhsL9HqE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abd8cba2e71042d9561f8cd7a8a6625c_JaffaCakes118

Files

abd8cba2e71042d9561f8cd7a8a6625c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83598e062a04a9d40f1a3570af5642ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\MyDowner\Release\MyDowner.pdb

Imports

kernel32

Sleep
GetTempPathA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime

msvcr71

_c_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
_except_handler3
__security_error_handler
strchr
exit
strncmp
strstr
strrchr
_exit

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE