Static task
static1
Behavioral task
behavioral1
Sample
f52902c3ea6fd83e5414275200cfae41_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f52902c3ea6fd83e5414275200cfae41_JaffaCakes118.exe
Resource
win10v2004-20240910-en
General
Target
f52902c3ea6fd83e5414275200cfae41_JaffaCakes118
Size
184KB
MD5
f52902c3ea6fd83e5414275200cfae41
SHA1
53d7f9c861f30ff76fd04026009d990e0d745028
SHA256
96bf95b5e1d86e0efdfa2eb92672623c37a6b561a782e53b387295b3b0c9ada2
SHA512
cc61633b502995ec75503503271605e055b272ba5be54c35f445f4b5df4a70670e18a9d3b5153e97fcf50f58a5b4409d5ebbbbcaecf141b006ceb6fc1315ff2b
SSDEEP
3072:9ktXIcji5zaNvbXwon3YnHwKqSnZJN3p/3rKkKofH7CqjXs615vJKfkSCfWgHBw1:eXnqObX5upqMJT3rkiOq7s615S5Cmi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f52902c3ea6fd83e5414275200cfae41_JaffaCakes118
Files
f52902c3ea6fd83e5414275200cfae41_JaffaCakes118.exe windows:4 windows x86 arch:x86
a14092c49a890528e162b4526636c906
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DuplicateHandle
Heap32Next
ExitProcess
GetCommandLineA
GetDiskFreeSpaceA
GetVolumePathNamesForVolumeNameA
ConnectNamedPipe
DeviceIoControl
GetSystemDirectoryA
IsBadCodePtr
DeleteFileA
FindClose
GetFileAttributesExA
InterlockedExchange
OpenEventA
EnumTimeFormatsA
GetProcessIoCounters
OpenThread
lstrlenA
UpdateResourceA
VirtualAlloc
GetCommandLineA
DeviceIoControl
SetLocalPrimaryComputerNameA
BuildCommDCBAndTimeoutsA
AddConsoleAliasA
GetVolumePathNameA
ws2_32
recv
Sections
.itext Size: - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 156KB - Virtual size: 814KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ