b48e703596bd2a7e5f4fe3e3c0ffb769_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b48e703596bd2a7e5f4fe3e3c0ffb769_JaffaCakes118
Size

34KB
MD5

b48e703596bd2a7e5f4fe3e3c0ffb769
SHA1

86721bb7be50e78a12c266ff68fac4c4e6dc3fec
SHA256

7b80217ddf4990f3930dfdd4adaf2a7dc02c8cf24dff07b53b063304f4b0f1ac
SHA512

c3908372e8799fcac8ad2d593c19903c26ab2d00cf8fa1ef143c0afe56820a2dd4df59b845cb61b7af8ca0546c6ba887f607e7afb3bcee01153fa1e9fddd2376
SSDEEP

768:MdCIyyHC/26WpVPccaxvd2B//0Yr7t05l9ur4B52zT:MdjtHBQxvdE//l7tgha/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48e703596bd2a7e5f4fe3e3c0ffb769_JaffaCakes118

Files

b48e703596bd2a7e5f4fe3e3c0ffb769_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2823c454157c81aeca51fc27499e45b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetFileSize
FindResourceA
FreeResource
MapViewOfFile
UnmapViewOfFile
LoadResource
Process32First
SleepEx
GetTickCount
GetCommandLineA
Sleep
SizeofResource
lstrcatA
lstrcmpiA
QueueUserAPC
Process32Next
WritePrivateProfileStringA
GetModuleHandleA
IsDebuggerPresent
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
CreateThread
lstrcpyA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ