033763d30830068b77cada25ffa32c6e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

033763d30830068b77cada25ffa32c6e_JaffaCakes118
Size

216KB
MD5

033763d30830068b77cada25ffa32c6e
SHA1

a5112dda3a1fce152cc727d7e79a75767897313d
SHA256

b2e73e3cfed954c9f4e2b013d692f1273ef095f28b652e85297974f500e7d621
SHA512

d78e38c6ab4362237e3686d1f280010d85125e8485e6d21fb8058940042984941ef82e448067c42f142c7df05a7927f3efea7a84f5ed41f1904cf7e34012253c
SSDEEP

6144:0NGVcch78RAjuhFhEpLV94hL0+cbjm6aiSmxd9M+AAmA562en5:0ScO78RAjuhnE5fmLAjKVmj9GHAo2en5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
033763d30830068b77cada25ffa32c6e_JaffaCakes118

Files

033763d30830068b77cada25ffa32c6e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

320bb9fce5407ca0e9b96130620228b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

exit
__getmainargs
_initterm
_XcptFilter
_exit
__p___initenv
sprintf
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
__setusermatherr
_mbsrchr
strlen
strcpy
strncat
_purecall
_stricmp
??2@YAPAXI@Z
__p__fmode
_adjust_fdiv
??3@YAXPAX@Z
__p__commode

kernel32

GetLastError
InterlockedExchange
LoadLibraryA
RaiseException
FreeLibrary
LocalAlloc
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

??_7VgetLinkInfoCB@@6B@
?VexeVersion@@YIPADXZ

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 188KB - Virtual size: 492KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE