dde1778d160b2a2822bc89f141f55b92_JaffaCakes118 | Triage

Sharing

General

Target

dde1778d160b2a2822bc89f141f55b92_JaffaCakes118
Size

232KB
MD5

dde1778d160b2a2822bc89f141f55b92
SHA1

0517b846063dfbc8c1cc06da9b2818579b4d22ee
SHA256

c72f4b0ec5e830f823d8803584c61b2b66492586746ef72f545ab2f9bdc42b0a
SHA512

4776febb78402485429b30f09fbe76bc9f217267c4d6e2beb853fa0b95b9ee569d6bf5cbc9cc65acb5b5f9caa4e1dc4a76da2f63027fec11f96a475f81b1831b
SSDEEP

6144:knyKw55nK7CcbCHGLFhdlAXk3stFSuH0+SlQh:w6R0EIhdlV3stFDYCh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dde1778d160b2a2822bc89f141f55b92_JaffaCakes118

Files

dde1778d160b2a2822bc89f141f55b92_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6039c26165040db47e28057ca34786ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

srand
memcmp
strcat
isdigit
isspace
memcpy
rename
memset
_EH_prolog
__CxxFrameHandler
strcmp
strncpy
strstr
strcpy
rand
abs
strlen

user32

MessageBoxA
wvsprintfA

kernel32

GetModuleHandleA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
GetTickCount
GetStartupInfoA
GetCommandLineA
ExitProcess

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

. rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE