Sample
109cd95621c197dbe39eba1677c21448_JaffaCakes118.exe
Resource
win7-20240729-en
General
-
Target
109cd95621c197dbe39eba1677c21448_JaffaCakes118
-
Size
149KB
-
MD5
109cd95621c197dbe39eba1677c21448
-
SHA1
170ef87bd3d755a9c877b8f200f53dfe9f6ce3fa
-
SHA256
83a8c41981d26cc406dfff32804e6efd12cb698042b3a69630e41094a24396ac
-
SHA512
da49dbe036cc3ef5c72a2c318e3002175e4c9f9376f12739df025e8edbffdce34d178dedd26e516f4019ab0f1d97459b745f40b707ceba3305de1af85583067a
-
SSDEEP
3072:v7/64aQcwAAvVyxh4vQYVnyEByLpxW+sZ4:L6avsxhy1npK4N4
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Static check: the PE file has no Authenticode signature.
resource 109cd95621c197dbe39eba1677c21448_JaffaCakes118
Files
-
109cd95621c197dbe39eba1677c21448_JaffaCakes118.exe windows:4 windows x86 arch:x86
6039c26165040db47e28057ca34786ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
srand
memcmp
strcat
isdigit
isspace
memcpy
rename
memset
_EH_prolog
__CxxFrameHandler
strcmp
strncpy
strstr
strcpy
rand
abs
strlen
user32
MessageBoxA
wvsprintfA
kernel32
GetModuleHandleA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
GetTickCount
GetStartupInfoA
GetCommandLineA
ExitProcess
Sections
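.text Size: 52KB - Virtual size: 52KB (per the flags below, this section is both writable and executable and is marked as initialized data)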
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ