28c01ea4eb6f4472c778889e39c66b40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

Reason

config extraction: Emotet: pe: invalid address

General

Target

28c01ea4eb6f4472c778889e39c66b40_JaffaCakes118
Size

57KB
MD5

28c01ea4eb6f4472c778889e39c66b40
SHA1

cc200939daf882284db95a4a4a05bdac87dc9ad4
SHA256

f4b6753ff5008a21bbf8938d0e0b42367c55371501dd4f647e789ea9b97ccb37
SHA512

c3afb9a8324f40ec1ee10acd037bc72672b0b680bc4edcc842ba0d7c730093a4dbaf1536b7ce8e95d64ab5c61d3deb815da65452069bcb61f3ecfc5e2a9ab5a3
SSDEEP

1536:7wPLxg+mZXTkZ/fkYmMTvPMIY35dOT6j1TLk5Y:02DXTkYML3Y3aWRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c01ea4eb6f4472c778889e39c66b40_JaffaCakes118

Files

28c01ea4eb6f4472c778889e39c66b40_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ