b80009eb07390a7915fc302482b036e0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b80009eb07390a7915fc302482b036e0_JaffaCakes118
Size

142KB
MD5

b80009eb07390a7915fc302482b036e0
SHA1

e0e45b75ecc5ba1dd9f5f805ec06825b973bfd63
SHA256

a7f5fad7302a826ed304784aea42b3eb60ebc6fa0bfe4b448cca2fc80787f027
SHA512

a2030bad015538ca993f328d6e5f2e74ffe203263020e679387fc17018257b86ecf9afa6e162f77186554989abdda11caa2ad32f4832cbf899d69fb586cac241
SSDEEP

3072:0mSmYp4Vc5aSpc4+azIy7ctsiBIBdoEN88Uij8Qmlq3f2rALyY6TMH3:PvYp4V4rQazIy7cGES/Nxdj8Qmlqv2kz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b80009eb07390a7915fc302482b036e0_JaffaCakes118

Files

b80009eb07390a7915fc302482b036e0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

533c1edc5f233372969912071bd385ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
CloseHandle
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
lstrlenA
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
lstrcpyA
SetLastError
DeleteFileA
lstrcatA
MoveFileA
GetModuleFileNameA
WinExec
CopyFileA
Sleep
GetFileAttributesA
GetLastError
ReadFile
SetFilePointer
GetModuleHandleA
CreateDirectoryA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateThread
SetProcessShutdownParameters
FreeLibrary
GetProcAddress
LoadLibraryA
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc

msvcrt

realloc
malloc
strlen
__CxxFrameHandler
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strchr
memcpy
memset
??2@YAPAXI@Z
strtok
_strcmpi
_strrev
_strnset

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ