Static task
static1
Behavioral task
behavioral1
Sample
ead6112ec379a1e9b2d65067292a368c_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
ead6112ec379a1e9b2d65067292a368c_JaffaCakes118
-
Size
85KB
-
MD5
ead6112ec379a1e9b2d65067292a368c
-
SHA1
364a08956711038a7cc59a298d6b79830a2abf6e
-
SHA256
5a6e087e5ba814e2d99311c2da2107071785fd886af685099fa67b6a3d3fe32f
-
SHA512
0e8420a0a6619eeba927ad624e9174abd4d541f556b8f379d878074dd34590e154de9f64052102c6c44b288655d0b24ca07f177c7e1279b231a6730c086291c9
-
SSDEEP
1536:XLWUYSv3DVuJbxV6UMO+NvatTruSG5E6w+ln3ZsL:XLvh8Jb3zzwvalM1xlne
Malware Config
Signatures
-
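Unsigned PE (1 IoC)
Static check for a missing Authenticode signature: the sample is a PE file that carries no signature. On its own this is a weak indicator, since many benign programs are also unsigned.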
resource ead6112ec379a1e9b2d65067292a368c_JaffaCakes118
Files
-
ead6112ec379a1e9b2d65067292a368c_JaffaCakes118.exe windows:5 windows x86 arch:x86
02e5d4defbe79333a945748a4a6810c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
sprintf
??3@YAXPAX@Z (MSVC-mangled name of operator delete)
_ftol
memmove
modf
??2@YAPAXI@Z (MSVC-mangled name of operator new)
strrchr
rand
strncpy
srand
shell32
ShellExecuteA
kernel32
GetEnvironmentVariableA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WriteFile
GetTickCount
CreateFileA
GetFileSize
WinExec
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
user32
wsprintfA
MessageBoxA
shlwapi
PathFileExistsA
advapi32
RegOpenKeyA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE