f4768036bec1c9a6270d2c3350aa6fb6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4768036bec1c9a6270d2c3350aa6fb6_JaffaCakes118
Size

32KB
MD5

f4768036bec1c9a6270d2c3350aa6fb6
SHA1

f8fd5405581734c4e77a71d3cf127ee34a7bdc5d
SHA256

6ebb148315bc22f81d7197be914cdfdcd0de4e8edab24aa52df5783b5e7fde1e
SHA512

5d45343a5e72384468a3586766ca0884a7a5a19fad4ac7143c2aab2c8bc9f3bf4c670d120e8a2619b549fe61bee244a2b95d61bfa8bcb436bb5f463a95efaa1f
SSDEEP

768:CORJer5BxuQqULI7EF3fLPb8vqCBpLCXcTcCnrqHTe7BHcx:XJ2ID7Ex7LCzCahb7BC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4768036bec1c9a6270d2c3350aa6fb6_JaffaCakes118

Files

f4768036bec1c9a6270d2c3350aa6fb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1738985ef3490ee0e357401a5c199c8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE