18192a48736da0884f388a5b0a728eae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18192a48736da0884f388a5b0a728eae_JaffaCakes118
Size

76KB
MD5

18192a48736da0884f388a5b0a728eae
SHA1

655d84a1af3e6f9c134af69be66516551a941f18
SHA256

0a63ee62f86864bc5341e766c3b5db7d314b0aebfcc20b7180a313448897a941
SHA512

21d8e80726df792c94af80c441b3f009e889469f936d83f62a13ffe31118707e54fbd08dfbb6b6f95c0d9d3286e2eccd96c1d3bfb993a1ac5fcf10e8ac1bd6f4
SSDEEP

1536:s2tmzeQR+VsDH117SkPoHO8Cic1r7XDhLJS8xw53pjjWpjVrs2ryrd1vUQuq6:sc8eQR+VsDHOkPo+i6r7XDnx23pOHs2N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18192a48736da0884f388a5b0a728eae_JaffaCakes118

Files

18192a48736da0884f388a5b0a728eae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed1f508d964adfaad62afd9af63afed8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
EscapeCommFunction
IsProcessInJob
_llseek
GetDefaultCommConfigA
FindFirstVolumeMountPointW
Process32Next
GetLongPathNameW
FlushFileBuffers
CreateNamedPipeW
CreateHardLinkA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE