c1f3878f57df80f308d44e446dba6d09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1f3878f57df80f308d44e446dba6d09_JaffaCakes118
Size

76KB
MD5

c1f3878f57df80f308d44e446dba6d09
SHA1

d10faecef0d5520c92d50f6e5eb4e6c8568093a3
SHA256

eb91939b1fe2fe824293fdeae8c170efa499200f55278628971292e5511016e4
SHA512

8e64da826b3663967072f76e39c4ecab6eaed722e40bdbf2277a12866863e67866b20212719803515df490c6ba923ffb5c5ff0245c60f021a01ece539636afd4
SSDEEP

1536:gFQWJsJXACjPvXDlJxP7WDhr0TFfIe6wo2AgpWnn9dF3BJTzFWoSEuEVNP:g2wCzpJxPlTFfIe6QAgYnjFWoSEuEH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1f3878f57df80f308d44e446dba6d09_JaffaCakes118

Files

c1f3878f57df80f308d44e446dba6d09_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abbef69c132f00d8261ba6f1362c46eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord354
ord825
ord350
ord540
ord860
ord5186
ord1979
ord800
ord665
ord3663
ord3127
ord5651
ord823
ord3616

msvcrt

rand
__CxxFrameHandler
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
strcpy
strcat
strlen
rename
sprintf
memset

kernel32

FindResourceA
LoadResource
LockResource
SizeofResource
DeleteFileA
CloseHandle
WaitForSingleObject
CreateProcessA
OpenProcess
GetCurrentProcessId
GetTempFileNameA
GetModuleHandleA
GetStartupInfoA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
SetFileAttributesA
GetModuleFileNameA

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ