Static task: static1
Behavioral task: behavioral1
Sample: 488a1cd58258d1490a872e4913d77f96_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 488a1cd58258d1490a872e4913d77f96_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 488a1cd58258d1490a872e4913d77f96_JaffaCakes118
Size: 109KB
MD5: 488a1cd58258d1490a872e4913d77f96
SHA1: 985b96125d50eaa09c1ba315e8a49d6877cab335
SHA256: 2da11b31550df4ff9cffb6ff6373257f9fa3c35b3efb0811d0f5f5e78907fb24
SHA512: 10bc8e6dd85a024456329248ce06761dc500ca0d663b01b0a562705d046cd607b772b552c4354d75938e64e63dfbf5d2daf047e0b8c146e070e1fcf9bf67f9f8
SSDEEP: 3072:RBjSwT37RZkxQL+C/xCzVuhK39c3zPtJum2dH:32U75aOxCzocc32Dd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 488a1cd58258d1490a872e4913d77f96_JaffaCakes118
Files
488a1cd58258d1490a872e4913d77f96_JaffaCakes118.exe windows:4 windows x86 arch:x86
d82ac2a88c2b8acb2cb5ecd5b1c1e7c5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsValidCodePage
SetStdHandle
EndUpdateResourceA
ReadFile
GetStdHandle
CreateWaitableTimerA
GetLastError
lstrcatW
CreateNamedPipeA
GetModuleHandleA
GetDriveTypeA
GetLogicalDrives
GetLocalTime
GetBinaryTypeA
SetLastError
SetPriorityClass
GetTickCount
GetExitCodeProcess
GetPrivateProfileStringA
GetConsoleTitleW
TlsAlloc
lstrcmpiA
HeapCreate
netshell
DllGetClassObject
HrGetIconFromMediaType
HrLaunchConnection
NcFreeNetconProperties
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dataz Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.orpcx Size: 1024B - Virtual size: 521B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ