0e279e7e2db6573e54f7e63ebac237f8_JaffaCakes118 | Triage

Sharing

General

Target

0e279e7e2db6573e54f7e63ebac237f8_JaffaCakes118
Size

26KB
MD5

0e279e7e2db6573e54f7e63ebac237f8
SHA1

79e31c4de07ec6a9c30ae3e49d9dcbe80c38b716
SHA256

d7ee129459ec45cb73a5b1a8b1a880731564ae8d4da8fe4ff78632a780f7dc9d
SHA512

d2a7121df035b29c6e6d7d85aefb9315866d284af6ae8ff2a0cae5ec879a1f126ccec3edfb1a54b64616b115c1db0c6bda5f1c3623699c631c644623f5296a04
SSDEEP

384:NvgXfXKZ64yhFqndUvwrhrQSSl5H9fHmOoh2OqZw1KW9uhY:Kft4yh8dUvwrh8SUN9fHXozQwsD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e279e7e2db6573e54f7e63ebac237f8_JaffaCakes118

Files

0e279e7e2db6573e54f7e63ebac237f8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e071facc771d6f847bc2593ce30f72c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\sputnik.mail.ru\trunk\_out\RunProg.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
HeapAlloc
GetProcessHeap
Sleep
lstrcmpiW
lstrcatW
lstrcpyW

shell32

CommandLineToArgvW
ShellExecuteW

Sections

.text
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 491B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ