28d052fef974501ce6b641ac1f5b77de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28d052fef974501ce6b641ac1f5b77de_JaffaCakes118
Size

21KB
MD5

28d052fef974501ce6b641ac1f5b77de
SHA1

12062ab7862c86b8fc2445ec07ee07d40fcda9d2
SHA256

dbc2248a22dae0f41f757271e14e0fa7ce971b46458c2d45476d1c830b573e9f
SHA512

15acd098476b68df6bbf0677e8ba2f6293c368786a5e95d6763a0cd38c3409873e6523dc0d734e961ffdd304e7d57de4980416e70e924e205bbd23c203299c12
SSDEEP

384:6t0skUV21nWf/BCW0afHPWvwkOEltmwU7unX9CZWxzt1DxWfymWSj:BUg1Gp3HEnEuNLRr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d052fef974501ce6b641ac1f5b77de_JaffaCakes118

Files

28d052fef974501ce6b641ac1f5b77de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8b69e51d701f8ff14e5291272ea7c04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
CreateThread
GetTempPathA
WinExec
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcatA
GetSystemDirectoryA
CloseHandle
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DeleteFileA
GetTickCount
TerminateProcess
OpenProcess

user32

PostThreadMessageA
GetMessageA
TranslateMessage
MessageBoxA
wsprintfA
DispatchMessageA

msvcrt

fgets
fclose
strstr
fopen

Sections

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ