dfd485cf1a13dc99fdd91f3c3593a6d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfd485cf1a13dc99fdd91f3c3593a6d7_JaffaCakes118
Size

8KB
MD5

dfd485cf1a13dc99fdd91f3c3593a6d7
SHA1

bc35542b50e64f7d34a6676c92950b18ef0b3cff
SHA256

9864b919d62997d94034a045270ece9be48b5058946a164d800e4eb4ccec9456
SHA512

bb63b92b9c86c30181718c67179b5d56b0544be17537cc288c8dcb163ef7df72d63436d181cb2a68c76640281c7bd37f6850844a4f94bb56355faf2b7a638119
SSDEEP

96:nPZ5ye242aytEx3ThfKruW+3cGe2WQLeS9vKOKPAq:nr92s5lfKrUs1LIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfd485cf1a13dc99fdd91f3c3593a6d7_JaffaCakes118

Files

dfd485cf1a13dc99fdd91f3c3593a6d7_JaffaCakes118
.exe windows:1 windows x86 arch:x86

86f099208681b4734537bd1d41d17012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CopyFileA
CreateFileA
ExitProcess
FindFirstFileA
CloseHandle
GetWindowsDirectoryA
SetCurrentDirectoryA
WriteFile
WritePrivateProfileStringA
WriteProfileStringA
GetCommandLineA

user32

MessageBoxA

shell32

ShellExecuteA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ