ddf4fbd4a0e3d049a4045359743bf1b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddf4fbd4a0e3d049a4045359743bf1b7_JaffaCakes118
Size

293KB
MD5

ddf4fbd4a0e3d049a4045359743bf1b7
SHA1

e5cf31195196d1ec1bbbebc81026200cdfb4308b
SHA256

1bed2ba12ced83e6f177f14038f0a9eccd542a863d59c9b442600c7dd3b8d0b1
SHA512

56fc7aa75ab32bfd6cc9f4be292be711518cf65fbc35bbe9b64eda713c107805a5ed717c703403e114d97de6af412e15361919e61d5f53b1ebcad5803f16f1f6
SSDEEP

6144:RSpC09pNCS2QAosq97WreMVs2aHDuH4PgKfYPu+eHQqdU:RGC0gwpclaji4PpYm+7V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddf4fbd4a0e3d049a4045359743bf1b7_JaffaCakes118

Files

ddf4fbd4a0e3d049a4045359743bf1b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6e344391693b1651eb8a01b91202e13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\EITreleases\EIT-2.0\Distrib\free\build\ex_inst_toolkit\xinst_lzma\Release\xinst_lzma.pdb

Imports

comctl32

ord17

user32

MessageBoxA
wsprintfA

kernel32

FreeLibrary
LoadLibraryA
GetTempFileNameA
HeapAlloc
ExitProcess
GetModuleFileNameA
HeapFree
ReadFile
lstrcatA
CloseHandle
CreateFileA
GetTempPathA
GetProcessHeap
DeleteFileA
CreateDirectoryA
GetWindowsDirectoryA
GetStdHandle
lstrcmpA
GetLastError
GetProcAddress
WriteFile
GetCommandLineA
SetFilePointer
lstrlenA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ