0874df729c0fcecb55b317d475968a50_JaffaCakes118 | Triage

Sharing

General

Target

0874df729c0fcecb55b317d475968a50_JaffaCakes118
Size

304KB
MD5

0874df729c0fcecb55b317d475968a50
SHA1

8cd7b3d8d061c14aff4213f03c848c86cc0366b7
SHA256

0fa26be4859af9ccd6bbec54a21dc37926b928f78cc9e420edca760b8907bb0f
SHA512

aee51ad958f6a34dc2a0c4ca5d06f9a81cd41e4319cb806a61ed18fede4553f751e67683c55744179469dbb2b8cd432b0a64f1a1d38e7e66271e93efcc8cb562
SSDEEP

6144:p8eqtg1bq4WlQm0ynvFwV0L9ZCTfW0FdZbXEKS9nkZTM1g:LqtgBq/+tA2VY9ZCyo1EKS9kZTMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0874df729c0fcecb55b317d475968a50_JaffaCakes118

Files

0874df729c0fcecb55b317d475968a50_JaffaCakes118
.exe windows:5 windows x86 arch:x86

968b8b53e9d988d97fd57063a08263bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
Sleep
InterlockedDecrement
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
GetDiskFreeSpaceW
lstrcpyW
SetEnvironmentVariableA
FindResourceW
lstrcmpA
Sleep
CreateDirectoryA
GetDiskFreeSpaceW
GetPrivateProfileSectionA
GetLongPathNameW
GetPrivateProfileIntA
LoadLibraryExA
HeapCreate
InterlockedIncrement
WriteFileEx
GetPrivateProfileIntA

apphelp

ApphelpCheckExe
SdbDeletePermLayerKeys
ApphelpCheckIME
AllowPermLayer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rss
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ