4413e56c28a8f2de1baceb209c63064a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4413e56c28a8f2de1baceb209c63064a_JaffaCakes118
Size

92KB
MD5

4413e56c28a8f2de1baceb209c63064a
SHA1

e55318121dc4ce1ebc2f2e24fc15476ab5515e8c
SHA256

6739a83c0bd8513be8ff4012aaf308f7e4481b88a935ba2b7528522223c896f3
SHA512

89971253829b21f78e67a1f58737fbea7b2bb44bfe1e5b77012c321068d98caaa38553e8cd7a9dc384569f5332eed5d7ce2627dbb319487e251f443038420f68
SSDEEP

768:2yyNAGxOzmppFRE925OrmaNctd1zSLOqMdd+KveSLcm+Jb3wfGXRwYmhV:JyNAdm7FREUydLOqMdbvGm+x3w+XWt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4413e56c28a8f2de1baceb209c63064a_JaffaCakes118

Files

4413e56c28a8f2de1baceb209c63064a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e4a01ecbcf85f83ab02aa6630c82f56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\temp\mboutg.dbg

Imports

kernel32

Sleep
GetLastError
VirtualFree
GetModuleHandleA
WriteFile
GetThreadPriority
GetProcAddress
VirtualAlloc
CloseHandle
GetTickCount
DeleteFileW
RtlUnwind
LoadLibraryA
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapFree
GetModuleFileNameA
ExitProcess
HeapAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

EnableWindow
SetFocus
SendMessageA
LoadBitmapA
DestroyWindow

ws2_32

send
closesocket

winscard

SCardCancel

Exports

Exports

?XM2LPARSE@@YAKK@Z

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ