6028922b34ad6399d65fc5ffb82357a1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6028922b34ad6399d65fc5ffb82357a1_JaffaCakes118
Size

3.4MB
MD5

6028922b34ad6399d65fc5ffb82357a1
SHA1

8462515bc166e39623a6e9b9dace833c8c9a452f
SHA256

531606f262666158fef9d4853340bd525be1f46ff640f57ebed7a6b18f3e8a89
SHA512

f5040f63acbdf96e7bc1719ffb63734b74bf9bdf84c61217d15f5043edc0eacfdff2b3b05aad06ef25099812776f7ac0e87877122c173c2b6b8b46f9e92a7ec5
SSDEEP

98304:eZjBnfAxXBQ1iz69rMLRifhzH3JrHu/luamYk0XuTvXJ:kjaRQ10I+obJrHuQaRZeT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6028922b34ad6399d65fc5ffb82357a1_JaffaCakes118

Files

6028922b34ad6399d65fc5ffb82357a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88ebf4523b91276ac87aa5a2359af79b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress

Sections

PFV0
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PFV1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aegis
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE