0dc881771c469d66d063dd75ca106515_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dc881771c469d66d063dd75ca106515_JaffaCakes118
Size

43KB
MD5

0dc881771c469d66d063dd75ca106515
SHA1

619bbb92d8c53ad3fe9078f7f1252c086379efb0
SHA256

0ec6472233ba8d67cb8cc73037270715c2a8be0ffc41432fba77a78629868f9b
SHA512

5bd35a94e64d3a3dcf6eae6cfbcbf92b9d9398cecc53115aa50789a7bff2026aaf476acbb245db501a1d3043dd1800764fce7f1f8d7f5aeb60a7e698de1cc8c3
SSDEEP

768:EbhX6YDtMCR5tp0SJ4xWljI0SefchJJ8Gu2nkqxISrdwa6lMp:S/zfaSexmI0LfchJJlt2SRAlMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc881771c469d66d063dd75ca106515_JaffaCakes118

Files

0dc881771c469d66d063dd75ca106515_JaffaCakes118
.exe windows:5 windows x86 arch:x86

def92802f332fb768bf4b831d040a1be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_wcsicmp
free
fputs
_except_handler3
_strnicmp
wcscpy
_errno
_pctype

ulib

?Strcat@WSTRING@@QAEEPBV1@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBAXKKPADZZ
??0STREAM_MESSAGE@@QAE@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z

kernel32

InterlockedExchange
GetStartupInfoA
GetSystemTimeAsFileTime
GetLastError
InterlockedDecrement
GetProcessHeap
InterlockedIncrement
GetThreadLocale
GetTickCount
GetCurrentProcess
GetStringTypeA
GetStringTypeW
GlobalReAlloc

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ