fd3156991657239be954ca789704b5cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd3156991657239be954ca789704b5cb_JaffaCakes118
Size

203KB
MD5

fd3156991657239be954ca789704b5cb
SHA1

e17e1e68d3ca721c74bf2cea65dde3524b5981a4
SHA256

d53b275b0edd80dafea6025a9cda1d995f3f83ac4c261c842a9cc88f06db7ab5
SHA512

3c26f6dcfb4b1145e12ceec668e5d9749a83bda8f39ec3d01749dc55e70675a82c1e5b085d521a38aa94517458caa0a53304cbc1224c44c3faa3a6779ab570eb
SSDEEP

1536:6URjsYDtXptH5NwCes0GUEQZwaKH3xm4KZtLsi4mJMo6C:Ffx0FKqubP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3156991657239be954ca789704b5cb_JaffaCakes118

Files

fd3156991657239be954ca789704b5cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9df8d37e08c353de16035df9650220fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

ObtainUserAgentString

kernel32

LoadLibraryA
GetLocaleInfoA
GetVersionExA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
Sleep
DeleteFileA
GetCommandLineW
ExitProcess
FreeLibrary
GetCommandLineA
GetModuleFileNameA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetStartupInfoA

user32

wvsprintfA

shell32

CommandLineToArgvW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE