Static task: static1
Behavioral task: behavioral1
Sample: fa939c448cc60cd3384d195b786542a8_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fa939c448cc60cd3384d195b786542a8_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fa939c448cc60cd3384d195b786542a8_JaffaCakes118
Size: 58KB
MD5: fa939c448cc60cd3384d195b786542a8
SHA1: 62f9fb45e1d5d565dc8cc61864fd0aafa8b5e93a
SHA256: 0a6e6d7e243cec4318a0f1d1e3775fdec4db4545e6a4bd0d5d4f2ff9ecc1a172
SHA512: a561d8aeb713036146d63c9ad2fbb3ebc82a4e88d9368f6f796340fc346e2c64a0b61df2f2873fda95b6e5958d5423b2e02c6a55885578d934c04e24101e0f9b
SSDEEP: 1536:1SNRK/A4RzJjmE9u6zJu6TLzhzKtAPP8m+/dqpO0jJBr:1SS1tb7DcSPP8bYpO0jJh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fa939c448cc60cd3384d195b786542a8_JaffaCakes118
Files
fa939c448cc60cd3384d195b786542a8_JaffaCakes118.exe windows:1 windows x86 arch:x86
5c8cb4a50fcf4f2bf25cdfbfc32370e9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: RtlUnwind
user32: MessageBoxA
crtdll: _iob, _itoa, __GetMainArgs, _stricmp, _strnicmp, toupper, abort, exit, ferror, fgetc, fputc, fwrite, localeconv, memcpy, memmove, memset, pow, puts, raise, signal, strcat, strchr, strcmp, strncmp, strtol, ungetc, wcslen, wctomb
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 676B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88B - Virtual size: 88B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 944B - Virtual size: 944B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE