0f41c83e86ca3b3ef36a1c1d6b35a745_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f41c83e86ca3b3ef36a1c1d6b35a745_JaffaCakes118
Size

512KB
MD5

0f41c83e86ca3b3ef36a1c1d6b35a745
SHA1

7dfb090fe2ad09d27553baaa59f1811a17fa7093
SHA256

7f2a499878d38e0180e81239b93034cf09f8eaf9b7f224419240291b12e2c266
SHA512

317cd475e1c246be583341020dfea3dd6851ed53af0b26bff99b253ad0a822469de550ca78afeda14ecda55df55aefe811d22202741beba9167ae3268e958248
SSDEEP

12288:q0hOz4iZFUqazuHcMY3K1wd7ETWsNAlGpwcPVXnQ:qxEiZme3JaGpwchQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f41c83e86ca3b3ef36a1c1d6b35a745_JaffaCakes118

Files

0f41c83e86ca3b3ef36a1c1d6b35a745_JaffaCakes118
.exe windows:4 windows x86 arch:x86

faf64158f16112c3fd7f49615d362130

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
MoveFileExA
WritePrivateProfileStringA
FindFirstFileA
GetWindowsDirectoryA
GetVersion
RemoveDirectoryA
Sleep
GetFileAttributesA
WinExec
GetTempPathA
TerminateProcess
OpenProcess
GetStartupInfoA
GetModuleHandleA
DeleteFileA
CopyFileA
GetCurrentProcessId
CloseHandle

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCloseKey

msvcrt

strcpy
strlen
strrchr
strcat
_vsnprintf
sprintf
??3@YAXPAX@Z
_execl
fclose
??2@YAPAXI@Z
fgets
fopen
atoi
__p___argc
__p___argv
__p__pgmptr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE