179680487558a29bcea4d8e8178a0ca7_JaffaCakes118 | Triage

Sharing

General

Target

179680487558a29bcea4d8e8178a0ca7_JaffaCakes118
Size

220KB
MD5

179680487558a29bcea4d8e8178a0ca7
SHA1

99038ba9bcfcab13a686de8ab11ed0891c74c3d6
SHA256

2b5c023c25af36dcfcf59a6b960065d709ee68e75419473681776561a037dbe7
SHA512

4ac6fec73e3a540cd81e435111dacd688d40556a80f27989bf338c7935a985e0e28dd855aa4fc8a21ea27a6792e409e643bd3981990252c28fb4284810dad75e
SSDEEP

6144:l1cLTFofH3UorgDHojaUX8j3G4fhMiJ8nnnng1wte39fDyelW0ixs0Jm651kgTOD:l1cLTsxywW3xfqiJ8nnnngaghDJ5ixJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179680487558a29bcea4d8e8178a0ca7_JaffaCakes118

Files

179680487558a29bcea4d8e8178a0ca7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b2630c60a5383e367c91f0c0765c8801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
ExitProcess
GetStartupInfoW
GetCommandLineW
HeapAlloc
HeapReAlloc
VirtualAlloc
VirtualProtect
VirtualFree
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcAddress
LoadLibraryA
GetCurrentProcess
CreateProcessW
CloseHandle

shell32

CommandLineToArgvW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ