fe8c782fbb939fcb68c39232e7d74063_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe8c782fbb939fcb68c39232e7d74063_JaffaCakes118
Size

16KB
MD5

fe8c782fbb939fcb68c39232e7d74063
SHA1

b561335de5da89a80e8532696213e1a85a7b5a41
SHA256

55129237affd40539daa38e4c6258b4de393b2c38f9a3daa5a7d12851d611b3e
SHA512

62ef66ba49b96844f23f0df7174c998298dde3f95c933d90b45a5d0be2a44283c0647b8fceea92e1666c9937d8385557037511cf9538ce7a099c39edfdd9fdb7
SSDEEP

96:1a25AYXmlyzR1gJr9OrkdiRdmi/9JGjbHpYp2i4nc4n54MHPtboynG7i:NOYWYkdiZlcbWYd2UP1oynG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe8c782fbb939fcb68c39232e7d74063_JaffaCakes118

Files

fe8c782fbb939fcb68c39232e7d74063_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24c9432e565f6e8d635b364bced380a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

user32

CharUpperA

msvcrt

__p__fmode
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
strchr
strrchr
strlen
toupper
fprintf
strcat
strcpy
memset
fopen
fclose
strcmp
__set_app_type

kernel32

GetStartupInfoA
SetCurrentDirectoryA
CreateProcessA
CreateFileA
GetFileTime
SetFileTime
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
DeleteFileA
SetSystemTime
Sleep
GetModuleHandleA
GetSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE