JaffaCakes118_4a89b54b02af16b27c2dad9252050cfb | Triage

Sharing

General

Target

JaffaCakes118_4a89b54b02af16b27c2dad9252050cfb
Size

96KB
MD5

4a89b54b02af16b27c2dad9252050cfb
SHA1

586e1e46f90c497ea5594f891f130a0748106572
SHA256

4af5dac10c3c76f351c7cde89c1a13c4d1e6e1e8a0fabab65bdf07964fb8e64f
SHA512

9548228ffc49825e9cf7a70192e74610e658f89c8b7e3210b7fac333ab79d32d3015b89a22b3b8ebc32aceb254ff135c4ba8bbafdc0e16b48b5e04ad12bf9877
SSDEEP

3072:xQsZkqLfuDg0PtOqzKONqsEykRLSDNo+:kqFStZzKqqsE6m+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4a89b54b02af16b27c2dad9252050cfb

Files

JaffaCakes118_4a89b54b02af16b27c2dad9252050cfb
.exe windows:4 windows x86 arch:x86

056d9b9e4e4d0b94131b46fe91becf14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
Sleep
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA

msvcrt.dll

memset
realloc
free
??2@YAPAXI@Z
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??3@YAXPAX@Z
strlen
_stricmp

Exports

Exports

Hai
wuhen

Sections

3k_Y>^2$
Size: 725B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SWRtQHH"
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

J<\*r0yp
Size: 2KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ