14e270da5d863fad46950889ffa3d47f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e270da5d863fad46950889ffa3d47f_JaffaCakes118
Size

69KB
MD5

14e270da5d863fad46950889ffa3d47f
SHA1

3a6e1077ca0122429499db7618261b640e21d7ab
SHA256

b2becebc37355137187bca5e76b9b2257749e8b3bd1ceac17fa114955eb4ede5
SHA512

1af1009e97d9cf09c3fc2a6304839beed0232236b3a009be9b810233d4ac7298f1ea1be37d9f434cc563791401e55130d8e6168f98121d81f04c749cd087d2b6
SSDEEP

1536:SNfcVv3FtucxzBplj93G0q8sMH1TFKdjNy/gFB:SVcVlxrltGJ8d4jYa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e270da5d863fad46950889ffa3d47f_JaffaCakes118

Files

14e270da5d863fad46950889ffa3d47f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ffa58c247196f3ad583489a44f02965

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
DeleteFileA
SetStdHandle
GetModuleHandleA
GetProcAddress
IsBadCodePtr
GetShortPathNameA
CreateProcessW
GetCurrentThread
VirtualProtect
SetFileAttributesA
EnumCalendarInfoA
GetExitCodeProcess
WaitForMultipleObjects
GetFileTime
GetTempPathA
GetVersionExA
GetPrivateProfileStringA
LCMapStringW
LoadResource
RtlMoveMemory
GetThreadLocale
FreeEnvironmentStringsW
lstrcmpiA
QueryPerformanceCounter
SizeofResource
VirtualQuery
GetUserDefaultLCID
GetConsoleOutputCP

msvcrt

_adjust_fdiv
_XcptFilter
__set_app_type
_exit
__getmainargs
__p__commode
_except_handler3
_controlfp
__p___initenv
_initterm
__p__fmode

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ