11db2a39ab0be2cfaab3c09fc26ac3c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11db2a39ab0be2cfaab3c09fc26ac3c3_JaffaCakes118
Size

187KB
MD5

11db2a39ab0be2cfaab3c09fc26ac3c3
SHA1

570063c70e92aad971fc8eb6f3d304038641f655
SHA256

807a67b1db9b74a0cf9310da79280530139fabdb7feeb5cbb67e20566ea5f661
SHA512

c28d8acd090a8eb24d89c4d6a005b322fe78e077f4fe40d4514b7ab3fcc91746e64fe4ce19bef43c829b6530bdbc893c74633dcc80e198f28ede4190186e5fd5
SSDEEP

3072:aTL47ANw/M/vfL6TRo/0t51KvcEyPPeziR28fXezgDaP:qj+TiDvog9zgm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11db2a39ab0be2cfaab3c09fc26ac3c3_JaffaCakes118

Files

11db2a39ab0be2cfaab3c09fc26ac3c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d36a081c2e29304a4ba6ea70df181a6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_fopen64
_impure_ptr
_open64
_stat64
abort
access
atoi
calloc
close
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fgets
fileno
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getcwd
getenv
getpwnam
isatty
localtime
malloc
memchr
memcpy
memmove
memset
mkdir
pathconf
perror
printf
putc
puts
qsort
read
realloc
setlocale
sprintf
sscanf
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strlen
strncasecmp
strncat
strncmp
strncpy
strrchr
strstr
time
ungetc
unlink
vfprintf
vsprintf
write

cygintl-3

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetModuleHandleA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE