ff516a905104830b9f0370089a735709_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff516a905104830b9f0370089a735709_JaffaCakes118
Size

4.4MB
MD5

ff516a905104830b9f0370089a735709
SHA1

7a4c7851d5ac1f89d3216f43d1ad3bb37e7072d4
SHA256

08b13617079882778c2fb67f2a37228b9873db52099df57edaaa63ef7dfe6ea1
SHA512

2798ff6d8c1bd2436799d14dce5f1770632989196864ad581cc0cbb3e7ac368ebf1e8d194cdaec3e45288d93a1f9495e487e1a61fa7f2eaae7b2b688d2f52b4c
SSDEEP

98304:doYhSyuV3ddSw7My0AAewqlo/+SJbXbGwDuljIMX92jIr:hFcdSAA2o/RNXVfMsA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff516a905104830b9f0370089a735709_JaffaCakes118

Files

ff516a905104830b9f0370089a735709_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef33d20ab851f174cdd759e358c92fc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateProcessA
ExitProcess
GetTempPathA
_lwrite
lstrcatA

Sections

.text
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 375B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE