Static task: static1
Behavioral task: behavioral1
Sample: 0fd95208452a79192d15c9e09c4a754b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0fd95208452a79192d15c9e09c4a754b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0fd95208452a79192d15c9e09c4a754b_JaffaCakes118
Size: 139KB
MD5: 0fd95208452a79192d15c9e09c4a754b
SHA1: b23833646357c2e1ebbabdc0a53e60e6ea275f0a
SHA256: 7386dc498a770313161ed20476137277c77706848e44a9af4a4f3655278530bd
SHA512: ccc75ed4908e1e9fa540bdf389efe9fdc2699b90bfaa2049f611969f841e8326c95657ea8af0c8fdee9271d335134649146574ca99fd1778161b827dff0ad3be
SSDEEP: 3072:+3ZGEQArLVX7DOKbD6kGCXtuiKfSnehy2gGI5GFtGOc1:KZB593bD7FXMVWew99wtGOc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fd95208452a79192d15c9e09c4a754b_JaffaCakes118
Files
0fd95208452a79192d15c9e09c4a754b_JaffaCakes118.exe windows:4 windows x86 arch:x86
10939c448232afcb6d35974b6ceac3a5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
kernel32
ClearCommError
ExitProcess
ReleaseMutex
ClearCommError
CreateMutexA
GetExitCodeProcess
CreateFileMappingA
EnumResourceNamesW
CreateProcessW
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
MapViewOfFile
user32
SetTimer
CharUpperA
GetMessageA
PostThreadMessageA
KillTimer
PeekMessageA
CharNextA
LoadStringA
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ