4918b1d553b2550d21dfff58e579aff6_JaffaCakes118 | Triage

Sharing

Reason

config extraction: Emotet: pe: invalid address

General

Target

4918b1d553b2550d21dfff58e579aff6_JaffaCakes118
Size

60KB
MD5

4918b1d553b2550d21dfff58e579aff6
SHA1

c318c96f1e165a0fcb08c328a7330de0fef76fc9
SHA256

86f9aa60e93ffc3bec9f3a73c30f518d2e09452cb252327dfb9ca8923dffe65f
SHA512

77fbb49a8eb3c2db1938ecb97cf36a84cbc075d4b0c8ac74ee70b480bc9bf4a3208eea09237ab14e84f15c7b4f4aca5532fdc0337ab5e0f64c446bd6a376f7e2
SSDEEP

1536:H9OYUySlM0GPQkP+fkUI6isWJ9NGFQRE13zdPBOpEK6C5:w3oPQkP67CDhA3zdP4pL5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4918b1d553b2550d21dfff58e579aff6_JaffaCakes118

Files

4918b1d553b2550d21dfff58e579aff6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ