Static task: static1
Behavioral task: behavioral1
Sample: d036d1629e658b9602fbc2da6ae98fd6_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d036d1629e658b9602fbc2da6ae98fd6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d036d1629e658b9602fbc2da6ae98fd6_JaffaCakes118
Size: 512KB
MD5: d036d1629e658b9602fbc2da6ae98fd6
SHA1: 0cf73c54a797faa00fb6cee0a8feedcbee3054b5
SHA256: 63664fa3d4a4481bb04b7d763aac123c35f9621f95e9fddd8f1fc57940785074
SHA512: 616b4a42cfacbbdb5f8b74a7508dc0cd88d03fc2c10dedc8e6e8bd8ac211d41f82a33b1cfd52d1448f4b2778e4e365473a8c59dd6d060e7e2ad2ca46ace352e6
SSDEEP: 6144:lHxt5aJc5qrtGAO5gOFh5oc+eS7X+MJoeKV1I4KzbMyUULexrtQNZM90e/:lHxt4JcatE9hE7hJ4j0zQ3Ntj0e/
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: d036d1629e658b9602fbc2da6ae98fd6_JaffaCakes118
Files
d036d1629e658b9602fbc2da6ae98fd6_JaffaCakes118.exe windows:4 windows x86 arch:x86
e7374812417212948b118d41d5f11b3e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
atl: ord27, ord52, ord22, ord57, ord18, ord44, ord45, ord10, ord16, ord31, ord26, ord58, ord53, ord30, ord19
msvcrt: _wenviron, _EH_prolog, wcscoll, exit, _searchenv, _execvp, _itoa, __initenv, rand
kernel32: VirtualAlloc, CloseHandle, GetConsoleCommandHistoryLengthW, GetStdHandle, ExitProcess, UpdateResourceA, CreateFileA, GetStringTypeW, CloseProfileUserMapping, GetACP
Sections
.text Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.edata Size: 5KB - Virtual size: 59KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.orpc Size: 316KB - Virtual size: 485KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 99KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ