d3aeb4370850769ca0e5682854133e59_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3aeb4370850769ca0e5682854133e59_JaffaCakes118
Size

104KB
MD5

d3aeb4370850769ca0e5682854133e59
SHA1

fe45b7d33d6a2f93a18bf1a20abe1c5b1b5dddf9
SHA256

4576ff89edffbc33f88cad989c152a4f7841a146130aa720a8987c458c09bb2b
SHA512

e800ca103cb44ef507cb0d83b691847887ac5ef24ea67dbb6ba55c16f57e7e5a266e8247818ccc1f763d527ad4e749b1c653b42827b3321804c24cdd96744e46
SSDEEP

768:egSAtjxjDKIYbQ2WwGzsBdNhbCW8PAgOmelSbM/lfve:ao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3aeb4370850769ca0e5682854133e59_JaffaCakes118

Files

d3aeb4370850769ca0e5682854133e59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

768a1d97e127eda949c3a6ba5b36a197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ExitProcess
Sleep
CreateThread

mpr

WNetAddConnection2A

rpcrt4

RpcRaiseException
NdrPointerBufferSize
NdrConformantStringBufferSize
NdrPointerMarshall
NdrConformantStringMarshall
NdrConvert
NdrConformantArrayUnmarshall
NdrClientInitializeNew
NdrNsGetBuffer
NdrNsSendReceive
NdrFreeBuffer
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree

msvcrt

__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
free
malloc
memset
printf
strlen
sprintf
strcpy
_except_handler3
_chkesp
memcpy
memcmp
_onexit

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ