Static task
static1
Behavioral task
behavioral1
Sample
28351e406cb56bbee806d1259daedbf7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
28351e406cb56bbee806d1259daedbf7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
28351e406cb56bbee806d1259daedbf7_JaffaCakes118
Size
244KB
MD5
28351e406cb56bbee806d1259daedbf7
SHA1
1248f9cda282f280d2cc670adf77d82945af8c4e
SHA256
e04d0d3cbb68eaa4b2e765b7ebf659ce93c44d51ba85f16279ee117653b34972
SHA512
1116005abc850895f4184d5a770b1ac87357d018f413f4246e8212fa708f99f6aec5687395fc8e1490cacd814ce022796ef8e5c9a0944f640548062480d7976b
SSDEEP
3072:eeA2yOwjBsbSotHRsFhjfpV5x9h/vRB8GSDdVNqTDBrcOV79xcVhlEoqjesYa6Ql:twBsbSotHETnx3/yoxdZKFK5B6vim
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28351e406cb56bbee806d1259daedbf7_JaffaCakes118
Files
28351e406cb56bbee806d1259daedbf7_JaffaCakes118.exe windows:4 windows x86 arch:x86
704530ea98f4d113cb51c175830ee0e0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
GetCommandLineA
InterlockedIncrement
GetModuleHandleW
GetCurrentThreadId
VirtualProtect
TlsAlloc
HeapAlloc
GetModuleHandleA
GetEnvironmentStrings
RaiseException
GetCurrentProcess
GetLastError
GetStartupInfoA
msvcrt
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
_XcptFilter
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ