ebc5e7b144c78ae185cdc17e4d52dda2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebc5e7b144c78ae185cdc17e4d52dda2_JaffaCakes118
Size

169KB
MD5

ebc5e7b144c78ae185cdc17e4d52dda2
SHA1

936b4460b835741e107a0ad996431a80586e7c38
SHA256

b21fd9061798a903807e9e5884a7a395e7edd97b2f53f49df1905a9da9b1df25
SHA512

e5814b53440c0ee44118b71a6ebd9fd9e99ea2b6e0f79c250c5e0856c53bc94c75052214a7f04caa9bec41faed87e1b2ed50a44054aef8eb6534627d2c7c69e3
SSDEEP

3072:z+YMg+8sErR//aEqNUcTEP3ZME0sMC8vfsafueeIAH6kWjRlf2KGzmCnsYlQQnt:6Ct//k+77MCkfPQIzHGzmcz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Outlast _2.exe

Files

ebc5e7b144c78ae185cdc17e4d52dda2_JaffaCakes118
.zip
Outlast _2.exe
.exe windows:6 windows x64 arch:x64

a06e13827a739430c3a9d205ad6a6d8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA

user32

CharLowerW

advapi32

GetUserNameW

shell32

DragFinish

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE