Static task
static1
Behavioral task
behavioral1
Sample
3e964b65a7f7c368716e5f6987fdcecc_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
3e964b65a7f7c368716e5f6987fdcecc_JaffaCakes118
-
Size
148KB
-
MD5
3e964b65a7f7c368716e5f6987fdcecc
-
SHA1
0a967c8792fe4ff28b82afd4ec772d73a978cf0a
-
SHA256
3d3cf08a6cb470679b9222362fbf04da08c72003d97e026a249ce933a9e3d92e
-
SHA512
4e5c38365b9e939efc9895822f1d32aeae344b6cb33f96520d4ff8e7514eabf84d6af4bf02b2df71bde32ffaa0e87a9f945e4908dd925e36d1975d46f56e174b
-
SSDEEP
3072:AgwCUXODfepC0KSUr85jC5XNuhr/qBIoqtN6UEvUNtOGSs2kk:nwmrepFm5duhmBIftN2UND/
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that lacks an Authenticode signature. A missing signature alone does not establish that a file is malicious.
resource 3e964b65a7f7c368716e5f6987fdcecc_JaffaCakes118
Files
-
3e964b65a7f7c368716e5f6987fdcecc_JaffaCakes118.exe windows:4 windows x86 arch:x86
fefcdd163b1c7a380e21eec951f07627
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteA
msvcrt
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__getmainargs
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
??2@YAPAXI@Z
time
srand
rand
_snprintf
__p__fmode
kernel32
GetStartupInfoA
CreateThread
WaitForSingleObject
OutputDebugStringA
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleA
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 860B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE