d1482290fb8c53b3d580896dfa13d964_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1482290fb8c53b3d580896dfa13d964_JaffaCakes118
Size

32KB
MD5

d1482290fb8c53b3d580896dfa13d964
SHA1

431fe61ff185b4c8567733a0b1802ccc639c2ea6
SHA256

82bd72dc1f2bd1042a0ec90caa9162f3f0a963831ca8e3d759322cb75f566f57
SHA512

ff205bba3afa3a274f90e484b73f5b03d3e1886cd021edf0def6a33f58158ed5480e85505e9429fbdef313cde4040be9986e02a642c932d87e4611830b8aa0a8
SSDEEP

384:UQrMzw468mLEFRXNabCp+FsTZmG0QzerW:UQut9abCp+Fwo5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1482290fb8c53b3d580896dfa13d964_JaffaCakes118

Files

d1482290fb8c53b3d580896dfa13d964_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fe686b0baa1fbfc80b6ba6eb62d35d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
TlsAlloc
TerminateProcess
OpenProcess
TlsFree
GetFullPathNameA
GetFileSize
GlobalAlloc
InterlockedExchange
GetCommandLineA
CloseHandle
CompareStringA
GetLastError
CreateFileA
GlobalLock
IsDebuggerPresent
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
ReadFile
VirtualAlloc
GetModuleHandleA
ExitProcess
LocalFree
FormatMessageA

user32

SetTimer
MessageBoxA
wsprintfA
KillTimer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ