4239e99cae3b0631e56ec8d38e1a794f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4239e99cae3b0631e56ec8d38e1a794f_JaffaCakes118
Size

228KB
MD5

4239e99cae3b0631e56ec8d38e1a794f
SHA1

4ccf01c9e14259896c336275eda295f490d5be0b
SHA256

64379cc4f5166a6dafe5ffbe48990e53b0b1b639f68e6ca7a8425c25cb96a83e
SHA512

2ce9d9ca7db5963aec6c1bb9b886d4b1229622c9362e4bdf7ab5ef4e42574c1826df99f7b174ce8a056b4abafc6e2d2877d97cceb6af786071da1cd5a72ca92c
SSDEEP

6144:JNlxWwR0Sr5CzsiZzrq8n9pmnjhu0XgXz:xoqr8z1AI9pAjVwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4239e99cae3b0631e56ec8d38e1a794f_JaffaCakes118

Files

4239e99cae3b0631e56ec8d38e1a794f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75304ae288a3dbec6d8232cdfbe8d716

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\inetpub\Temp\96r1fm0b4rdsi8c01aoa5m0k06\Stub.pdb

Imports

msvcrt

__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
_except_handler3
free
memcpy

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
CreateThread
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetProcAddress
VirtualFree
GetTickCount
WaitForSingleObject
GetCurrentProcess
IsDebuggerPresent

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ