11518498a20cca5c4e6f46acab7367e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11518498a20cca5c4e6f46acab7367e2_JaffaCakes118
Size

2.8MB
MD5

11518498a20cca5c4e6f46acab7367e2
SHA1

90cd22162affc1530ecf7c21a1cb84de388da4d9
SHA256

37577e7fa6d8d04c073aad062235293b55dc3b7d4942be790c97a9b60e905faf
SHA512

f93306fdeb68b76e52238772542961de475c6148675f00346790baf5400d7003d5abcd0f13884ae2045089f4b4673d485e68c8637b3f337ed9d24c0c261e01be
SSDEEP

49152:d1LWCWwRLBJEbuemBjdYQX5CGbJtRRFvvuMly+bo08vWdfj98SGFDW4zNZWCr:d1LCOLBJEOYQpT/LvvDly+kFedLKpNRF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WolF_.EXE

Files

11518498a20cca5c4e6f46acab7367e2_JaffaCakes118
.zip
WolF_.EXE
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 2.8MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE