d1c4bbf731acf0406c07304a887b0f3a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1c4bbf731acf0406c07304a887b0f3a_JaffaCakes118
Size

148KB
MD5

d1c4bbf731acf0406c07304a887b0f3a
SHA1

24aaa77d61808e65a30a633ced4b3d8e0e4ba048
SHA256

70e730887b72390d007309655dfafb1b650eddccacfd01b4f69cf142ba3004ce
SHA512

0b743f304c6c71a9fbd11ec976689cfcf85af30f3dd51dbbf62d01644c92e53d5b46e8d68993e58fd917607b968c32ab9d382bf9e92bb2771a47212a19a137f5
SSDEEP

3072:9oCqQaxjZhI+RcmdbLUtr3g31knDULzE9aNsNTq/wKBjHA:9NqvBZa+R5LU1jQGN2/z6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c4bbf731acf0406c07304a887b0f3a_JaffaCakes118

Files

d1c4bbf731acf0406c07304a887b0f3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70ba93614dd0d7e56f4448e2c8f71489

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5856
ord6648
ord860
ord6663
ord6877
ord537
ord941
ord540
ord2614
ord800
ord823
ord2915
ord825

msvcrt

_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??1type_info@@UAE@XZ
strstr
_CxxThrowException
_except_handler3
_vsnprintf
__CxxFrameHandler
_XcptFilter

kernel32

LoadLibraryA
CreateThread
GetTickCount
GetModuleHandleA
GetStartupInfoA
GetProcAddress

Exports

Exports

ExitApp
InitApp

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ