fb88249bc0980fbf85d9354fd2549d87_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb88249bc0980fbf85d9354fd2549d87_JaffaCakes118
Size

112KB
MD5

fb88249bc0980fbf85d9354fd2549d87
SHA1

00d79bc49c3cfe4580269537a134d5c6a4e834ac
SHA256

18a70db320b144fcf7fcf9535cb7e21bf48ceb4ccadb287f8615dc8019444253
SHA512

e49e91f2b5d2c3750ec75e30e6f0168671dc07641fb4610016363094c2ab9d9f5deffa46b96369324abbac0233b751b6783b887efac797a7d94a07ca983fe5ee
SSDEEP

3072:xPR1V/O4KlTsbrMzcV2S5KhifyCTxX55g:3a7d4fvxX5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb88249bc0980fbf85d9354fd2549d87_JaffaCakes118

Files

fb88249bc0980fbf85d9354fd2549d87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ed79a37eed2b3834eb76f7753c4c1ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualProtect
GetModuleHandleA
GetProcAddress

user32

wsprintfW

advapi32

RegCloseKey

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 109KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 699B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pepack
Size: 17B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE