04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118
Size

120KB
MD5

04bf2aaa821bdaac3cd41efb4f147880
SHA1

2077c6792f1f6a3f1e45941d94a393d7c223b99a
SHA256

27e025db1f1b46c3c1d3ee6104cc7710de422653efd7e020166194adc3a307b7
SHA512

43580e172ba3a1974de5dc12dc0f6c7359204ac22f1e070eb5d4b4d8df8e1268cf787bcd02964db50446c008b49b5b371dc16ce73c8c57abd360dd8b74a09b34
SSDEEP

3072:3G3M81HR9+WI3AOntFR5Q/fi/DCyOpl5YrgPB:SXRQWmvKniCy0YMPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118

Files

04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118
.exe windows:8 windows x86 arch:x86

077425a3fff90d3bb74844915d50943b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
GetPrivateProfileSectionA
GetLongPathNameA
ExitProcess
Heap32First
GetDiskFreeSpaceW
SetEnvironmentVariableA
WaitForSingleObject
lstrcmpA
GetPrivateProfileIntA
GetModuleHandleW
GetStringTypeW
GetPrivateProfileIntA
GetCurrentDirectoryA
WriteFileEx
GetDiskFreeSpaceW
GetExitCodeProcess
VirtualAllocEx
LoadLibraryA
InterlockedDecrement
lstrcpyW
GetACP
InterlockedIncrement

apphelp

ApphelpCheckIME
ApphelpCheckExe
SdbCreateMsiTransformFile
AllowPermLayer

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE