04192c18ab0aebfa0e51885aa93d57f8_JaffaCakes118 | Triage

Sharing

General

Target

04192c18ab0aebfa0e51885aa93d57f8_JaffaCakes118
Size

116KB
MD5

04192c18ab0aebfa0e51885aa93d57f8
SHA1

88f4bfb03bc20a44c2ed085f91e477668a1b2645
SHA256

eacbe3d0a90d14786f5b841113cb72b30fb6edb0d99a2162653cced692525920
SHA512

252491e69fe75828232d9e063a30516254e22e0e0165e816b7d489d07a11dd992226b6f4cc8b60137dbebeb8760cf1c84cccc5da2d3a6a3303835c5214abf630
SSDEEP

3072:8BsqJVi+CbxfQ82f3Sjr7MEMlvAUBbOGU1:8BRTCpwPSgDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04192c18ab0aebfa0e51885aa93d57f8_JaffaCakes118

Files

04192c18ab0aebfa0e51885aa93d57f8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c0dcac3f5ebe5a3c502a3732c67d7e71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Desktop and Data\Screen\Chapter2\Log.pdb

Imports

kernel32

GetSystemWindowsDirectoryW

Exports

Exports

LoadArchitecture
?ArchitectureConnect@@YGPAEPAXJ@Z
?ArchitectureCreate@@YGPAEPAXJ@Z
?ArchitectureDestroy@@YGPAEPAXJ@Z
?ArchitectureGive@@YGPAEPAXJ@Z
?ArchitectureLoad@@YGPAEPAXJ@Z
?ArchitectureOutput@@YGPAEPAXJ@Z
?ArchitecturePos@@YGPAEPAXJ@Z
?ArchitectureRun@@YGPAEPAXJ@Z
?ArchitectureService@@YGPAEPAXJ@Z
?ArchitectureTest@@YGPAEPAXJ@Z

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cofr
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lwre
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lorw
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ