Static task
static1
Behavioral task
behavioral1
Sample
3bca3bb6db139ff7f8d58911bda09a13_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
3bca3bb6db139ff7f8d58911bda09a13_JaffaCakes118
Size
814KB
MD5
3bca3bb6db139ff7f8d58911bda09a13
SHA1
c18a543fe7827ef87a75f978c1d9b7fcebba42fa
SHA256
ae1d93c69df6889bb83f3b4ef4efc4a846186e18e271693fae0b9c9263c1f4fe
SHA512
9eb891cb07aba3acfd0e2043e124ac47dc3ed49733cd84511f79b05242fab0db6b84be31d33804c8fbcd37d0435e1a92c12d1365dd11dfcd163d5eb7637f53dd
SSDEEP
24576:L9H+8AsV9R7CuzhWsk8Cy6URtZV6dYkpqoPcvCU:L9edoc0WskQR0P0v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3bca3bb6db139ff7f8d58911bda09a13_JaffaCakes118
Files
3bca3bb6db139ff7f8d58911bda09a13_JaffaCakes118.exe windows:5 windows x86 arch:x86
2fc775d32c1f82fb3ad3808384631b0c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetLocaleInfoW
GetPrivateProfileIntA
VirtualProtectEx
lstrcpynW
CreateEventW
GetCommandLineA
TlsFree
GetFullPathNameW
GetModuleFileNameW
GetStringTypeA
DeleteFileW
lstrlenA
GetNumberFormatW
FormatMessageA
GetModuleHandleA
GetCurrentThread
TlsGetValue
SetCurrentDirectoryW
VirtualFree
wmadmod
DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
Sections
.text Size: 13KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 797KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ