1396990bd51ceee934ee448dec22c3df_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1396990bd51ceee934ee448dec22c3df_JaffaCakes118
Size

248KB
MD5

1396990bd51ceee934ee448dec22c3df
SHA1

0ae8b421e1d19945565eb6189480edbd2bc1ceef
SHA256

bea587c8894b5df92ec5c730cb3756caf2222c302899116271e78b673da126c9
SHA512

fff41dc6f71bff36b9d2267db02bd40e3a5faf89a798b1d7ad0e76eec113a53a675d6875fcbc6420d2cb49b0b4468e659507d97d1a03b529667fae28b4fd2431
SSDEEP

6144:Nqdj2s/PXhtyN8/9Gnab3VfNMCCrUEDgs8:NqdKIPXqycablFMCZEDgs8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1396990bd51ceee934ee448dec22c3df_JaffaCakes118

Files

1396990bd51ceee934ee448dec22c3df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c176b7a6d57fd69641ccc11bdc202014

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoUninitialize
CoRevokeClassObject
CoInitialize
CoTaskMemAlloc

sisbkup

SisRestoredCommonStoreFile
SisFreeAllocatedMemory
SisCSFilesToBackupForLink
SisRestoredLink

msvcrt

exit
_acmdln
_XcptFilter
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
_exit
_ftol
_ltoa
__getmainargs

kernel32

LocalFree
LoadLibraryA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetProcAddress
GetSystemInfo
GetStartupInfoA
VirtualProtect
WritePrivateProfileStringA
GetModuleHandleA

Exports

Exports

Redshape
easeHow
evendraw
snowwe

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ