Static task
static1
Behavioral task
behavioral1
Sample
090d7148048d5e3f00339f4281005ac1_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
090d7148048d5e3f00339f4281005ac1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
090d7148048d5e3f00339f4281005ac1_JaffaCakes118
-
Size
39KB
-
MD5
090d7148048d5e3f00339f4281005ac1
-
SHA1
aa696d9707cf38af935b6cf98e2d3b5c7d32fab6
-
SHA256
a188a2fe5e474a772a168b84b9701256062af18d8dff4349c8cdf4172b104c45
-
SHA512
5d6d2bd232763e41a919a4b8c6d2ac0dbbffb514053513791e76fe4990517abcb4ec8645b56b2fb5b371d12ebc2d3100808591fb253f670b85172ebd5f137ca2
-
SSDEEP
768:Byh6EdiN1z7/js3hESjgChwFsy+EcRl7LClnCHbn:Os7/ILgChGFal7edC7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
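Static check by the sandbox: the PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate executables are also unsigned.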
resource 090d7148048d5e3f00339f4281005ac1_JaffaCakes118
Files
-
090d7148048d5e3f00339f4281005ac1_JaffaCakes118.exe windows:1 windows x86 arch:x86
0478a6efd43b8a6595d8bee9c4d6c0c2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetStartupInfoA
RtlUnwind
user32
MessageBoxA
crtdll.dll
_exit
_fdopen
_flushall
_fmode_dll
_getcwd
__GetMainArgs
_open_osfhandle
_setmode
toupper
atoi
exit
fclose
fgets
fopen
fprintf
fread
free
fseek
ftell
getenv
malloc
memcmp
memcpy
memset
printf
puts
raise
setbuf
signal
sprintf
_cexit
strcat
strchr
strcmp
strlen
strncmp
strncpy
strtok
time
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 58KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88B - Virtual size: 88B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE