0250b4926e7bd5f3e000012170b30b99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0250b4926e7bd5f3e000012170b30b99_JaffaCakes118
Size

92KB
MD5

0250b4926e7bd5f3e000012170b30b99
SHA1

20d9070c3af062152121588a620689cf38379d18
SHA256

659cf97af1987aa05e1438257c8177ee7e354e31f0be0ab6c226f6495d9ce968
SHA512

d7f2aa1e8aa4fa555daf008a726b7ddbb3d0602a3a70550fbc805b71ad6d6acad567138486359cf2101edc86ad168335b2e70c7e418fdd5934b3eb4e7bb26877
SSDEEP

1536:JQmQP3dAk/KbKmb2GksPaELmEQ/zlGrzMRc++nfx50WBtyguFe8ceFAgrPuP:PQPN3bpzsPJNzIR+fx50AtbuFe8ceFAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0250b4926e7bd5f3e000012170b30b99_JaffaCakes118

Files

0250b4926e7bd5f3e000012170b30b99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fe99f8693bdcbd44f891d37c1a332b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
CreateFileA
LoadResource
GetTempPathA
GetCurrentThreadId
OutputDebugStringA
FreeLibrary
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
GetTickCount

user32

GetMessageA
PostThreadMessageA
GetInputState
wsprintfA

shlwapi

PathFileExistsA

msvcrt

_XcptFilter
_controlfp
__set_app_type
__p__fmode
_except_handler3
sprintf
memset
strcpy
_exit
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ