28ed0ee909d66901871ef416715f23d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28ed0ee909d66901871ef416715f23d8_JaffaCakes118
Size

307KB
MD5

28ed0ee909d66901871ef416715f23d8
SHA1

457becc1f57c0b1cb64896cb760587aa30628ba2
SHA256

68f6a405fc16f32083a8d79c4256353d77c1b49f28fc88a599cf72cbd5417715
SHA512

e73d0a9c53ffa01d3eb2845aafcd451b9ef29033d2e5179f0258b83d241cd6a1e106342462d110d9e9ff9302c00062adf1c31312375fddc1fd67e12490f8453f
SSDEEP

6144:/kVzYVVoznCzO2y8yJxGDsQ90KvbO/qjiZC0e6TNN24KZP6:qYVVoLmvMJxGD6qWZn5KM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28ed0ee909d66901871ef416715f23d8_JaffaCakes118

Files

28ed0ee909d66901871ef416715f23d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

97390d1b5d847ba121f7a0ca691b8bd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
lstrcmpiA
GetFileAttributesA
Sleep
GetPrivateProfileIntW
Sleep
GetDiskFreeSpaceA
CreateDirectoryW
GetPrivateProfileSectionA
SetFilePointer
HeapCreate
CreateEventA
WaitForMultipleObjects
GetPrivateProfileIntW
InterlockedExchange
GetDiskFreeSpaceA
GetModuleHandleA
SetEnvironmentVariableW
lstrcmpA
LoadLibraryExW
GetPriorityClass
OpenMutexA
Sleep

catsrv

DllCanUnloadNow
CreateComponentLibraryTS
GetCatalogCRMClerk
OpenComponentLibraryTS

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE