4479c7e0282f2d5564624fd073b39b89_JaffaCakes118 | Triage

Sharing

General

Target

4479c7e0282f2d5564624fd073b39b89_JaffaCakes118
Size

741KB
MD5

4479c7e0282f2d5564624fd073b39b89
SHA1

3735d0af22fb897efc54d2c5706bdf3aa7c8e777
SHA256

393ec1944694bf2fb3fcfecc4f2d9ffdee63600d1ebf04fcd2fb4fd1aff59ce4
SHA512

7942b8fe79c7527c78ba005d565d07f78c701c7fc5157ceaa9f42f6d99fb51fb9dfd7a8d1a449485681348da39879ed8a461e2fd067feaf5df329deef846bca1
SSDEEP

12288:738BDDHvGUMBYlraGpD/HQ/f9WMOeu6ZZZgJrXn6gOtSddGlyzVCAAPI/l6+P:LkurYlGG5/HkBOI/ZSrqgZCAzbvl6w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4479c7e0282f2d5564624fd073b39b89_JaffaCakes118

Files

4479c7e0282f2d5564624fd073b39b89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36b1d5fd3e5cb7c20043ebc082e6735b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
SuspendThread
AddAtomW
CreateFileA
GetFileSize
GetEnvironmentVariableA
InitializeCriticalSection
HeapSize
ResetEvent
ReleaseMutex
GetTickCount
GetStartupInfoW
FindClose
GetModuleHandleA
WaitForSingleObject
SetEndOfFile
HeapDestroy
CloseHandle
GetTickCount
GetCurrentDirectoryA
ExitProcess
CreateMutexW
GetSystemInfo
FindClose
HeapCreate

wininet

FtpGetCurrentDirectoryA
HttpQueryInfoA
DeleteUrlCacheEntryA
FtpGetFileA
FtpFindFirstFileA
FindCloseUrlCache
FtpOpenFileA
HttpEndRequestA
FtpDeleteFileA
FtpPutFileA
DeleteUrlCacheEntryA
FtpCreateDirectoryA
DeleteUrlCacheEntryA

perfos

CloseOSObject
CloseOSObject
CloseOSObject
CloseOSObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ