Static task
static1
Behavioral task
behavioral1
Sample
b2bd265005c7318656307a55b005e4d1_JaffaCakes118.exe
Resource
win7-20240705-en
General
-
Target
b2bd265005c7318656307a55b005e4d1_JaffaCakes118
-
Size
224KB
-
MD5
b2bd265005c7318656307a55b005e4d1
-
SHA1
0f2bf92ebc8a134c13335bd6f09715271318b383
-
SHA256
f9fcb5112308e703446c37291fe812b95b7b02166e18b4fac8615b3e586c64fd
-
SHA512
087a5e57fa03ff49b7dce897060bd6abc810443423c4fd0b84bfc955e1b1dc06fcd7ccae5f2b3cbcd299376c1e7434a0757aa8b75a3cb1a693a73e53564bf727
-
SSDEEP
6144:KtkEoAM4iYQqA46+wRIvgfTSA31jtLOLdA:66+YffT331FOLdA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox check for a missing Authenticode signature: the PE file listed below is unsigned, which on its own is only a weak indicator.
resource b2bd265005c7318656307a55b005e4d1_JaffaCakes118
Files
-
b2bd265005c7318656307a55b005e4d1_JaffaCakes118.exe windows:4 windows x86 arch:x86
6039c26165040db47e28057ca34786ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
srand
memcmp
strcat
isdigit
isspace
memcpy
rename
memset
_EH_prolog
__CxxFrameHandler
strcmp
strncpy
strstr
strcpy
rand
abs
strlen
user32
MessageBoxA
wvsprintfA
kernel32
GetModuleHandleA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
GetTickCount
GetStartupInfoA
GetCommandLineA
ExitProcess
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ