08b282079cea28e9ff686193e1ed0800_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08b282079cea28e9ff686193e1ed0800_JaffaCakes118
Size

54KB
MD5

08b282079cea28e9ff686193e1ed0800
SHA1

3fce7eece604bc6ba5142c3bae094f59b51a6124
SHA256

477cc3f70c610025815b541b53a28220048383e001fa57b180c387c15b997dfe
SHA512

259909ec1558f557168ccae012ffc1ef84ea0dfb04a588225681aabce1954dce74f8817b558554ee00b0a511266dd1ffef7e4a821a1f134ebb00a680a7439a1a
SSDEEP

768:7BIGwiEz34S98fGdYoFUQTvpXchIElYJ7dW7k2bVfG5Uzdb8JxU59JIi1W9h/UsN:dIrNzoS91dYRAXiIE8Mk2b87PvX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08b282079cea28e9ff686193e1ed0800_JaffaCakes118

Files

08b282079cea28e9ff686193e1ed0800_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd5be1de6874049383dc52dc5de70006

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ReadFileEx
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
ExitProcess
FindResourceW
GetLastError
GetDiskFreeSpaceW
HeapCreate
GetPrivateProfileIntA
GetDiskFreeSpaceW
Heap32First
GetCurrentDirectoryA
GetStringTypeW
CloseHandle
WaitForSingleObject
lstrcpyW
GetExitCodeProcess
lstrcmpA
SetEnvironmentVariableA
ReadConsoleA

adsldpc

ADsEnumAttributes
ADsDeleteClassDefinition
ADsCloseSearchHandle
ADsExecuteSearch

clbcatq

CheckMemoryGates
CheckMemoryGates
SetSetupSave
ComPlusMigrate
DllGetClassObject
CheckMemoryGates
DllGetClassObject
ComPlusMigrate
SetupOpen
SetupOpen
ComPlusMigrate
SetSetupSave
SetupOpen

version

VerFindFileA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ