16db7186bbac5308d4733302c95ba01e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16db7186bbac5308d4733302c95ba01e_JaffaCakes118
Size

12KB
MD5

16db7186bbac5308d4733302c95ba01e
SHA1

3e6fdd1d7b2c74f7b3c4be3016c0444b555310ff
SHA256

7cf055f7ae2e9ccf72958ce7cd6b5db7fedb7d0f2ee63c826745661241036ad3
SHA512

9398d316559266ce6c9e59d7da5e6229e4651514eabf8e94ed8d2d8d04cc847c7fb22235b36fb7dde465b29b56b4b50ac73dc59bbc0ec64b33f6c16e4301350c
SSDEEP

96:4tHt3IuMcPtboyn4IguZs43FuZsTSWlt5uZsuwfcOlK:eP1oyn4YsqMsTDlasuwfnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16db7186bbac5308d4733302c95ba01e_JaffaCakes118

Files

16db7186bbac5308d4733302c95ba01e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d87a43520afd54c5e28a7daa3db55ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
VirtualProtect
VirtualQuery
WriteProcessMemory
Sleep
ResumeThread
CreateProcessA
GetModuleHandleA
GetStartupInfoA

comdlg32

GetOpenFileNameA

msvcrt

_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ