fcf49b22ed59d7ca10f24cdbcb60eb41_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcf49b22ed59d7ca10f24cdbcb60eb41_JaffaCakes118
Size

76KB
MD5

fcf49b22ed59d7ca10f24cdbcb60eb41
SHA1

3e3608be21f94b28469ac7c023018175ca7929ed
SHA256

374ca555136e042b0e0e871f0887a8c7ff0bbb1cf3ec3d076280829af5faf807
SHA512

03c546974426ab92cad72fb57c5f7c2379d8d222136e781186a26540291755f2084de568cbe3bcea112b1655bb4a3c19b3e3513d265cf2944484b3cde1617bd5
SSDEEP

1536:83Jb3XWcRUoc0nmnb4XlfT8Q1lGHRsOrtjEeGjJBY8DmsjEErxTWDTMqhGKYIZTF:83J2cRUoc/8Xl1XYRsOJjE5jDvFjBkM+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcf49b22ed59d7ca10f24cdbcb60eb41_JaffaCakes118

Files

fcf49b22ed59d7ca10f24cdbcb60eb41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9b9650461531630d7fc5edab302a6e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpi
CmdBatNotification
RestoreLastError
MapViewOfFile
WritePrivateProfileSectionA
SwitchToFiber
GetFullPathNameW
CreateToolhelp32Snapshot
GlobalUnWire
VirtualUnlock
InterlockedPushEntrySList

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE