Static task: static1
Behavioral task: behavioral1
Sample: 160b11975aea1ec2432c5c248181ada9_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 160b11975aea1ec2432c5c248181ada9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 160b11975aea1ec2432c5c248181ada9_JaffaCakes118
Size: 14KB
MD5: 160b11975aea1ec2432c5c248181ada9
SHA1: a6a45aa41de849b5a839bcba7e488b038d76c94d
SHA256: be98a0b1b021d330716504b6113dbbaf9fc4e1238195fde6e0de183b365fa196
SHA512: da5d618d19e7c59233c9893e7d1b2f1947dae8e5b3599810dcd2c7d5e1f57f2323bf72e5758ba21c87e253c7e0bc01918a6d1d3202705b40051874c11069fddc
SSDEEP: 192:TA2FJzw/rEastRkg2AB+SJPZN+heMPcAzmNyw1OpMD+0VA9M99K:M2ArEaMl2AMSB+heMPvGR1ED0VY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. On its own this is a weak indicator, since many benign binaries are also unsigned.
resource: 160b11975aea1ec2432c5c248181ada9_JaffaCakes118
Files
-
160b11975aea1ec2432c5c248181ada9_JaffaCakes118.exe windows:4 windows x86 arch:x86
2ec9d35fda8a083ac8dc974ef546ba35
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crtdll
memset
strncpy
strlen
strcpy
strcat
user32
wsprintfA
wvsprintfA
kernel32
GetModuleHandleA
GetCommandLineA
ExitProcess
HeapCreate
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
WaitForSingleObject
Sleep
GetDriveTypeA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
HeapReAlloc
CreateFileA
CloseHandle
ReadFile
SetFilePointer
GetFileSize
shell32
ShellExecuteExA
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.flat Size: 512B - Virtual size: 103B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE