408a2cf60a7475df3da8bf4a62c7f753_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

408a2cf60a7475df3da8bf4a62c7f753_JaffaCakes118
Size

184KB
MD5

408a2cf60a7475df3da8bf4a62c7f753
SHA1

593b885eaac4df86a354c5b2934df95848344c1b
SHA256

01002f995056b9a502d46742be8566b4c0e8bce6cf5f29cbcbfee6f09f4bd65b
SHA512

b3c0f1383ab49d31315eb4fc7b02b1c1df3ce230d1f87a2e762ca329d67fe92a7dac30834c697b08728ebe620602ce639e8e84f69d918467effbe8612521efea
SSDEEP

3072:NHe4XNXBZe2rebugzvoG8soccN8hfllnA5iMue13J4heE+xW15GsMZRV001fz/l:NHv7AOaoMllmQ1Y3J4wEkIRUbfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
408a2cf60a7475df3da8bf4a62c7f753_JaffaCakes118

Files

408a2cf60a7475df3da8bf4a62c7f753_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1f5e858a4dc2ed39bdc611395b06f11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
SearchPathA
GetProfileStringA
PeekConsoleInputA
WaitForMultipleObjectsEx
GlobalDeleteAtom
GetVersion
CreateFileMappingW
DeviceIoControl
GetLongPathNameA
GetSystemWindowsDirectoryA
GetCommTimeouts
GetStringTypeExA
AddAtomA
GetFileAttributesA
InterlockedExchange
SetFileAttributesA
UnregisterWait
_lwrite
VirtualAlloc
GetLogicalDrives
GetDriveTypeA
GetComputerNameExA
IsProcessorFeaturePresent
SetFilePointer
SetupComm
GetCompressedFileSizeA
MapViewOfFileEx

wininet

InternetOpenW
InternetConnectA
HttpQueryInfoA
InternetSetOptionW
InternetReadFile
HttpSendRequestA
HttpOpenRequestA

Sections

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ