dedd9caacd42ca0bc3b2adf0ec03496e_JaffaCakes118 | Triage

Sharing

General

Target

dedd9caacd42ca0bc3b2adf0ec03496e_JaffaCakes118
Size

18KB
MD5

dedd9caacd42ca0bc3b2adf0ec03496e
SHA1

cdb2633274f3137d2fb495538300d55e32b72ad4
SHA256

4ecb766dac341e7fc4354a3bf30b2da4e9a163cecbabb4901d252ef6c7cadf8c
SHA512

4034e340c6c231912fc440063587400a4a44a790d1bc98ba2394bd4d703cd61d46ca2d576a6765ac6fc5b2babb958116fa7780136a9982f4d814e178ef8a396e
SSDEEP

384:3xI3YG6zn68Qf6O61uar3Wa4/LC8nefih3K9zdSXuMJ:heYGG68Qf6x1JGpDChfihikl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dedd9caacd42ca0bc3b2adf0ec03496e_JaffaCakes118

Files

dedd9caacd42ca0bc3b2adf0ec03496e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa9647a8cdd7ab3027e926176e02c58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
IsBadStringPtrA
GetNumberFormatA
GetPrivateProfileStructW
PeekConsoleInputW
GetCurrentDirectoryA
SetFileAttributesW
GetEnvironmentStringsA
FatalAppExitA
GetConsoleAliasA
GetShortPathNameA
ReadConsoleOutputCharacterA
FindFirstFileExA

user32

IsDialogMessageA
GetTabbedTextExtentA
GetPropA
LoadCursorFromFileA
LoadImageA
OpenWindowStationA
CharToOemA
InsertMenuA
LoadImageA
LoadKeyboardLayoutW

Sections

.rdata
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 962B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ