1345c2762b52fbb1c4e408a8d20b1eda_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1345c2762b52fbb1c4e408a8d20b1eda_JaffaCakes118
Size

58KB
MD5

1345c2762b52fbb1c4e408a8d20b1eda
SHA1

97f7f3e0737210b66b540b14ad45f16b6e8cd3f5
SHA256

b3e2b57ec5f3fadb95cfed7b71afabe83b88533f3c1fa8ff70b1d91cd083e6de
SHA512

4ce669275c9f9ade7ed8ff92389ae401ec7b5e9b88e2fc4852a17784ecd126c62f88202188b2825dfa723385d4f1b89ca0acad772d90dccb14489a4907af4458
SSDEEP

1536:O7wm2sDSwe1TqLNV4W8C+SkaIwdAT0WvGHj:O7wce1TqpV4MIwWQIY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1345c2762b52fbb1c4e408a8d20b1eda_JaffaCakes118

Files

1345c2762b52fbb1c4e408a8d20b1eda_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

7b5319935eeca175bda4cee511da73f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
atoi
strcpy
free
memset
sprintf
malloc
_snprintf
memcpy
strlen
srand
rand
printf
fopen
fclose
strcmp
_adjust_fdiv
strstr

kernel32

SetErrorMode
GetModuleFileNameW
GetCommandLineW
TerminateProcess
FindResourceA
SizeofResource
LoadResource
LockResource
GetTickCount
GetModuleHandleA
GetProcAddress
Sleep
GetStartupInfoA

ws2_32

send

user32

MessageBoxA

shell32

SHGetFileInfoA

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE