ad992fe51e7fa8f59eaba49ba2630b0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad992fe51e7fa8f59eaba49ba2630b0d_JaffaCakes118
Size

3.5MB
MD5

ad992fe51e7fa8f59eaba49ba2630b0d
SHA1

6fae4aaa413633af972af5e9d087b319a3415784
SHA256

7123dff3ffd9fed85eaf7882962466cb466cdc7577348750f73e71bed399318a
SHA512

af9905eac5e689c2116d5a1928eb0b5edad395abba27ee7931cf99919bad8baee6a7339f2b12ac02c909305fdeb78da7d451683307ad380ac9310215a5c7cfc2
SSDEEP

49152:Bml7Xwb+3iiR3PeBoOIwTKtsD9y6ecI2VqnAu3t9P/QzCCbBayDBaXUxFX:BmBlR3YVXCsD93esLqt9qbESByO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad992fe51e7fa8f59eaba49ba2630b0d_JaffaCakes118

Files

ad992fe51e7fa8f59eaba49ba2630b0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

235aba0a819bab0c31910c0fd108876c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

IsDebuggerPresent
GetProcessHeap
lstrlenA
ExitProcess
WaitForSingleObject
CreateThread
GetLastError
CreateMutexA
lstrcpyA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetCommandLineA
WriteProcessMemory
lstrlenW
GetModuleFileNameW
Sleep
ReadProcessMemory
GetModuleHandleA
GetCurrentProcess
GetStartupInfoA
lstrcmpiA
HeapFree
GetEnvironmentVariableA
HeapAlloc

user32

DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
CreateWindowExA
RegisterClassExA
DialogBoxParamA
MessageBoxW
MessageBoxA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ