f64c83274571481b7231a25db102d54e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f64c83274571481b7231a25db102d54e_JaffaCakes118
Size

8KB
MD5

f64c83274571481b7231a25db102d54e
SHA1

91d5a7cd35ef4d0db02470be97517159466b830d
SHA256

224d83c5b2b1d050db89505ede54a364a4fa02047dd8a98c269ae801b082fc9e
SHA512

667d936ef19ffcf6a7d626df8d908c38f5b65d8480c6ef15579eab9dc767b6ed00ec0a3ef19636525204350c7d581a2870a2c60b3dbcd25016ace876352ef754
SSDEEP

192:nqsf7SYVV+xBVzrrrrrrrBN39jnjnjnjnjnjnjeB1NLWqccysMPKnxZ:qiip5d9jnjnjnjnjnjnjWttylPKT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64c83274571481b7231a25db102d54e_JaffaCakes118

Files

f64c83274571481b7231a25db102d54e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99b83e42dca5d2bd2b97d560051d218c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugBreak
DisableThreadLibraryCalls
EndUpdateResourceA
EscapeCommFunction
FlushConsoleInputBuffer
GetCPInfo

msvcrt

?_query_new_mode@@YAHXZ
perror
setlocale
strncpy
strcpy
tmpnam
ungetwc

urlmon

HlinkGoBack
URLOpenPullStreamA
UrlMkBuildVersion
GetClassURL
GetMarkOfTheWeb

user32

ClipCursor
CloseWindowStation
CreateDesktopA
DlgDirListA
DrawCaption
EndPaint

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE