Static task: static1
Behavioral task: behavioral1
Sample: d01f2f26363b96100ab3c74c788d5090_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d01f2f26363b96100ab3c74c788d5090_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d01f2f26363b96100ab3c74c788d5090_JaffaCakes118
Size: 139KB
MD5: d01f2f26363b96100ab3c74c788d5090
SHA1: 95c39e77117665d237a067bdefda1206edf36ee0
SHA256: 121e141be4508c6d63c7f19afec8ef172fa28ac4030d7406b5caaf12f525d927
SHA512: 98c20fba5f8ba747ce5bd38125272ef1fe31469264587eb329554e7ea050168ea2bc3492ca9d6d1367fd564da6217a5d8a4c29f5affe7aa9452fa9da495bc655
SSDEEP: 3072:SGh2zNOWdGFHwdMcDDhkZmNf42eLnBv9eJlgbEk:dh2aQdMiFgmNA2eLfqgw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d01f2f26363b96100ab3c74c788d5090_JaffaCakes118
Files
d01f2f26363b96100ab3c74c788d5090_JaffaCakes118.exe windows:4 windows x86 arch:x86
eca79cdb29e66d7c8313c2b97d8f2ec8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetMessageA
SetTimer
PeekMessageA
CharUpperA
KillTimer
CharNextA
PostThreadMessageA
LoadStringA
kernel32
ClearCommBreak
GetStartupInfoA
ReleaseMutex
ExitProcess
ClearCommBreak
QueryPerformanceCounter
EnumResourceNamesW
CreateMutexA
CreateFileMappingA
ExitProcess
GetExitCodeProcess
CreateProcessW
MapViewOfFile
rpcrt4
RpcBindingFromStringBindingA
NdrClientCall
RpcBindingSetAuthInfoA
RpcStringBindingComposeA
RpcStringFreeA
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ