ab7757c7e52a44d863ed1eb6ff668df4_JaffaCakes118 | Triage

Sharing

General

Target

ab7757c7e52a44d863ed1eb6ff668df4_JaffaCakes118
Size

92KB
MD5

ab7757c7e52a44d863ed1eb6ff668df4
SHA1

73ba9d9eae8ed68f6da5d78649420e16d0ddaeb8
SHA256

067c4e20d2a072a01e4e90239c1b6dd04525db2cfc2d71f08bcbd25132f61165
SHA512

25ff617bcff4b1c03d842a35525b374bb0f98b5ebdb79b74cbca4220d869c7475c45b09776909ae574b2230de73121ce5e23de0f5ed0b25ea4c417adc876ff97
SSDEEP

1536:t383ip+GqgeHQuvhEIuxTnTZZcM0ih40PcX+Fh+qs8YZioTdNKzARHk333P9s4+g:t383nwuOIuNnNZcM0j+w8hoqY691P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab7757c7e52a44d863ed1eb6ff668df4_JaffaCakes118

Files

ab7757c7e52a44d863ed1eb6ff668df4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

18a78e839cba85e6cf2174076d90e187

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsCharUpperW

shlwapi

StrCmpLogicalW

kernel32

GetConsoleCP

Exports

Exports

RoamingTraiI
?ImpactDS@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I
?JoinLower@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.write
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.read
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ