e2104356055c7af56eac9c9e46c5ae28_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2104356055c7af56eac9c9e46c5ae28_JaffaCakes118
Size

200KB
MD5

e2104356055c7af56eac9c9e46c5ae28
SHA1

4b9dcd5cf8cea1b8864ba10217cf208066f6575f
SHA256

90077ca0392ab45ba9b2bda96fefe114a1f419a1e44fa96133bd6d8673b73e66
SHA512

d24c5d4e6c55ddf3bc3cec0dc8fa1f5377e66cf602c72e73b37fa39bbe84bce8fe16ac6077e21f0d79c7dd1948142eb936cc558d96592817a910bf08ffb16119
SSDEEP

6144:vxfTI9u5oqdIf80XzaRwbZKfXPFBGnP0Q7P:JfTIIoqm84a6K/PFBGBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2104356055c7af56eac9c9e46c5ae28_JaffaCakes118

Files

e2104356055c7af56eac9c9e46c5ae28_JaffaCakes118
.exe windows:4 windows x86 arch:x86

123baf1bb8fe402df13739591f0fae05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\DotNet.Project\XFMAS\XFMAS\obj\Debug\XFMAS.pdb

Imports

user32

MessageBoxA

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA

Sections

.text
Size: 22KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE