d08d2e673f8bf87b7874676e04f4b8b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d08d2e673f8bf87b7874676e04f4b8b7_JaffaCakes118
Size

24KB
MD5

d08d2e673f8bf87b7874676e04f4b8b7
SHA1

d75d6fc68f6d88d9f836444298b1b021032ead81
SHA256

fec65839154f6689c3d4231cb42bf38c3ce0be20d2b96576e7da63f93b52dc73
SHA512

0db58d245efcc55e52a3156d64ae980fed975e45c40cd1f19ae69cbd440d7d75b858f9f21aa7d24ee0a5fb87f752919181041d19950ccbf96ab73067dc8aeb8b
SSDEEP

384:/y630Smv6jihlQ8X+ZOhL7xLt5BlSK8opDY5n5bV4:/y630Smv8ihy8X/fBlSK8opknBG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d08d2e673f8bf87b7874676e04f4b8b7_JaffaCakes118

Files

d08d2e673f8bf87b7874676e04f4b8b7_JaffaCakes118
.exe windows:1 windows x86 arch:x86

93762371b5e8d129ca06595563ce2f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3220

_strcpy
_open
_unlink
_strlen
_sprintf
_read
_write
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ExceptionHandler
___debuggerDisableTerminateCallback
__startup
__strtold
_abort
_calloc
_close
_errno
_filelength
_flushall
_free
_lseek
_malloc

kernel32

lstrcmpA
WaitForSingleObject
GetModuleHandleA
ReleaseMutex
GetProcAddress
CreateMutexA
CloseHandle

user32

MessageBoxExA

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ