fa127883e2fd4c2f2cbfb3f4a67843f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa127883e2fd4c2f2cbfb3f4a67843f9_JaffaCakes118
Size

1.2MB
MD5

fa127883e2fd4c2f2cbfb3f4a67843f9
SHA1

10f8b8a35a5624938e20fb61394ba9bcf68dead7
SHA256

958e47ff47b3a369e72c7e22813d70bfc37098910338732ae954a5967dafe8a0
SHA512

8f02eae500469e5e70d151ecdc5904d4bd83bb2b8457e20bc45f77c6ca7a177d8d37e94131eaf91d8d5e814f7ce3bd36675664cdeebd60fc79c103fd910f7d9f
SSDEEP

24576:U18UXsDdzyyicRrZMpfLN5LenrebiIEBZM90Qy2MnyY0H0jGYC+hTVNcGSU:2rXmMyiZfuremI0ZU0Qy2q4uNcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa127883e2fd4c2f2cbfb3f4a67843f9_JaffaCakes118

Files

fa127883e2fd4c2f2cbfb3f4a67843f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ec521ad46bc5d0291a574eab34e44360

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\inetpub\Temp\ul5qf47mqcdfpue216omoe1dm7\Stub.pdb

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
_except_handler3
free
memcpy

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
LoadLibraryA
GetProcAddress
GetTickCount
WaitForSingleObject
CreateThread
GetModuleHandleA
IsDebuggerPresent

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ