b0240695f41fc4beba9e7867815667a4_JaffaCakes118 | Triage

Sharing

General

Target

b0240695f41fc4beba9e7867815667a4_JaffaCakes118
Size

364KB
MD5

b0240695f41fc4beba9e7867815667a4
SHA1

24f2868d4016d25efc6a91f93650362d64d7f35e
SHA256

7f93c842b6ead4a9e9007e94f3d3b2a31897332910660281e5d7cedc07fddeb5
SHA512

28d0ec34889dac323338cf33b9b532ea849314c708494b501628bb19fcb615db9eac19b0ba9b7c3f081ff30c604aa47996f5665e55869b6be15fbdc0fd1877bd
SSDEEP

6144:BQzSuI3Z/mqjn/7DEZjwbDPjFMajiYsfQ4nsm36y32:BQ2uI3hxEyPJMau3tG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0240695f41fc4beba9e7867815667a4_JaffaCakes118

Files

b0240695f41fc4beba9e7867815667a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f89532d3ae1546fafb3fb5a4cb961c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriority
GetCurrentThread
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetPriorityClass
GetCurrentProcess
GetCommandLineA
lstrcmpiA
DeleteFileA
SetFileAttributesA
lstrcatA
MoveFileA
lstrcpyA
GetShortPathNameA
GetWindowsDirectoryA
GetUserDefaultLangID
GetModuleHandleA
GetStartupInfoA
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
ReadFile
GetFileSize
EnumResourceNamesA
SetCurrentDirectoryA
RemoveDirectoryA
GetModuleFileNameA
GetTempPathA
lstrlenA
GetProcAddress
CreateDirectoryA

user32

wsprintfA
CharNextA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ