b098aee16bd138c412075c9d315aefc9_JaffaCakes118 | Triage

Sharing

General

Target

b098aee16bd138c412075c9d315aefc9_JaffaCakes118
Size

78KB
MD5

b098aee16bd138c412075c9d315aefc9
SHA1

32cd73cc2158310b228c4dc229290777b23a25f6
SHA256

17280f9a3824773396734a46ff35d8ad0f8ff22ca42d12c512bf7f5cbfa0aedd
SHA512

1ed6cc7451e6467437fb96e8dc6941c93327d38a93500c82b3b58e5509940861467ffb591e622abdb81b64dcb12a36c991ea2326836bbac4f45bcb2290192f63
SSDEEP

1536:OU8k5kJPd+C7D7Jb6OYNILzsE04ZAw6LNfUXl:OU8kWr+LFOLzsNAAvByl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b098aee16bd138c412075c9d315aefc9_JaffaCakes118

Files

b098aee16bd138c412075c9d315aefc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ea9255447c93338fa5d973675b6ca40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetModuleFileNameA
TlsSetValue
GetFileType
GetEnvironmentStrings
Module32Next
DebugActiveProcessStop
GetPrivateProfileSectionNamesW
CreateNamedPipeA
ExpandEnvironmentStringsA
ClearCommError
VirtualFree
SetHandleInformation
MultiByteToWideChar
SetFileApisToANSI
GetProcessHeap
SetConsoleCP
GetShortPathNameW
ScrollConsoleScreenBufferA
ExpandEnvironmentStringsW
GlobalFree

Exports

Exports

LBiv
LDdq
LDvwdt
LHvu
LHwb
LLaqr
LLof
LNja
LRbe
LRcl
LTfld
LXpk

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ