e0c878df6f9eb83aef4e9bf8969ef881_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0c878df6f9eb83aef4e9bf8969ef881_JaffaCakes118
Size

19KB
MD5

e0c878df6f9eb83aef4e9bf8969ef881
SHA1

8259afa12531b6115e92ccd488d68ed1103c6903
SHA256

0091ba04693db5e66bdd6d35dcf8d8e0d729cb14e17434ba7d1e9b638fdac4ca
SHA512

d5569cd1339d8c8c06246c7b05aed0bb6fa37d61491aa940affdadafaf9f6d5c340996f4d6181798ce44c93cb325f95d932e68d407423adccaae2015d04da9fb
SSDEEP

384:J8O3nV+3o8jMjCYAD4uZOssxtXl343KOlXBocZYINbul0fG34o:9s3o8jMjCYAD4uZUxH3GXBocZXNql0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c878df6f9eb83aef4e9bf8969ef881_JaffaCakes118

Files

e0c878df6f9eb83aef4e9bf8969ef881_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f3e065f0a514ad4ab1a46396e694dc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
CreateEventA
GetFileAttributesA
lstrcatA
GetProcAddress
WaitForSingleObject
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetTempPathA
lstrcpyA
lstrlenA
SetFilePointer
LoadLibraryA
CreateFileA
SetEvent
WriteFile
ExitThread
GetVersionExA
CreateThread
ExitProcess
RtlUnwind

user32

PeekMessageA
CreateWindowExA
TranslateMessage
ShowWindow
MsgWaitForMultipleObjects
DestroyWindow
CharToOemA
SetThreadDesktop
CreateDesktopA
wsprintfA
DispatchMessageA

shell32

SHGetFolderPathA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ