Static task
static1
Behavioral task
behavioral1
Sample
b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118
-
Size
194KB
-
MD5
b33f1b9d59cd752a56b41ed9687793e0
-
SHA1
c195e7858bcdace58f302f27a2996a89ec4f2793
-
SHA256
a60d6247af46ae80515f179c406b07d4ce1f9705f13d98cd2c9114c7de1fd64f
-
SHA512
7a8c7aeb1b546ef43b1ec322278e35310d0f410ea54277540f80849f12e67d1b245e246875b1971f84ec7e8c8a3feb950ddf6eec7426acec13d80fdb1186f44a
-
SSDEEP
3072:U27BeCgrio6Fgq+hZSfp5qZf0oeHCc4LBtWvM:U6wC8hq9wVQzJU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
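Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the other static and behavioral findings.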
resource b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118
Files
-
b33f1b9d59cd752a56b41ed9687793e0_JaffaCakes118.exe windows:1 windows x86 arch:x86
7b87f9e0a2f6f856c6af929dcc4b34c9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
CreateEventA
FormatMessageA
DeleteCriticalSection
GetStartupInfoA
SetEndOfFile
OpenEventA
ExpandEnvironmentStringsA
LockResource
GetACP
GetCommandLineA
GlobalUnlock
msvcrt
memcpy
time
_mbcjmstojis
__set_app_type
_except_handler3
_strtime
getchar
_acmdln
_exit
_wrmdir
_XcptFilter
_strerror
_wstat
__setusermatherr
__p__commode
_controlfp
_adjust_fdiv
_wexecvp
_initterm
__getmainargs
__p__fmode
tanh
_strnset
isleadbyte
fgets
_wchmod
_mbsstr
exit
_mbscspn
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ