fb102f90bcb584c00dd99b5bb0904e72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb102f90bcb584c00dd99b5bb0904e72_JaffaCakes118
Size

20KB
MD5

fb102f90bcb584c00dd99b5bb0904e72
SHA1

00cb0badb80c9e16dda6b2a5b50d81aababd8d2e
SHA256

2ccb76c64ab9209a504bb8f62de6f0fa27a41d76240e27366286edcabade0c3a
SHA512

990bf905fc60bacbe966631a51a1f8d42abd8147f9691f6d9da91f1b0081d8b63a8c29f33f01eae87eb2f8d117fb9cede8267449350df3beec342461bf5f2fa4
SSDEEP

192:y7HSbKUx3wT5TJ5OFH5OHDHgtFHJaC1pYS4qzj2YyOVl3AkapeG0clRCD/S:j3g5FMFHsHDHgtF4CPr3c6AfpT7EzS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb102f90bcb584c00dd99b5bb0904e72_JaffaCakes118

Files

fb102f90bcb584c00dd99b5bb0904e72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d228b11d468884148903f91c523d1b2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CopyFileA
CreateProcessA
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetModuleFileNameA
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
SetUnhandledExceptionFilter
Sleep

msvcrt

_open
_strdup
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
exit
free
malloc
memset
signal
sprintf
strcpy
strlen

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE