ea790596e4ecc17a836d35f4aa23cf8c_JaffaCakes118 | Triage

Sharing

General

Target

ea790596e4ecc17a836d35f4aa23cf8c_JaffaCakes118
Size

36KB
MD5

ea790596e4ecc17a836d35f4aa23cf8c
SHA1

eb1de29f1f74344560ee26d26a56e2abf6e5b4d9
SHA256

0f9c2662f4670462f49177dd71ba37c890c90f0a1dfc1a38c8fad80a3ec6280c
SHA512

7a0a98848338938dd817a45924c210b61c2266a3846e40fef8ee6c5817ba9297a093fbd01c77c3e57642d50be4671908af88df1625a4359acf45707fc3d627c8
SSDEEP

768:Q9NeJfEnRW5GqU04IlzTlsgHen1we5TQO87/wqqrrIq:Q/9n7pRIBZyn1weNlEq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea790596e4ecc17a836d35f4aa23cf8c_JaffaCakes118

Files

ea790596e4ecc17a836d35f4aa23cf8c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

62b21016a7750f08da3e8c714797aa66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_stricmp
_except_handler3
strncmp
_iob
_errno
wcslen
__p__commode
__mb_cur_max
_initterm
free
??2@YAPAXI@Z
wcscpy
_pctype
atoi
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strchr
toupper
exit
__set_app_type
??3@YAXPAX@Z
__p__fmode
_acmdln

kernel32

GetProcessHeap
GetLocalTime
InterlockedIncrement
GetCommandLineW
GetACP
InterlockedDecrement
GetStdHandle
GetThreadLocale
InterlockedExchange
lstrlenW
HeapCreate
GetStringTypeA
WriteFile
GetTickCount
FindFirstFileW
GetVolumeNameForVolumeMountPointW
CreateEventA
GetSystemDirectoryW
GetLocaleInfoA
CreateMutexA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ