Static task
static1
Behavioral task
behavioral1
Sample
00fec89448fd5c692016da3bbc685ea7_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
00fec89448fd5c692016da3bbc685ea7_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target: 00fec89448fd5c692016da3bbc685ea7_JaffaCakes118
Size: 146KB
MD5: 00fec89448fd5c692016da3bbc685ea7
SHA1: d7abbe3d93549ca4f86899e4b94472a82e679c9c
SHA256: 5b0e1edfc22a13f529d1416a887353923b257f0142ccaa30404922343c5ff3e1
SHA512: e808086284945ca3bdb930a3acad12b3bf2726a6383b91d2b20e7d90f6c99ca4be1f2b4a72cafd8509ff313197403d487093df4281206ceb0b653da049220b04
SSDEEP: 3072:ivwfF1MhEjwp1icKAArDZz4N9GhbkrNEkIFxcf9XpZctpc:ivwD+p0yN90QE7ssI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00fec89448fd5c692016da3bbc685ea7_JaffaCakes118
Files
00fec89448fd5c692016da3bbc685ea7_JaffaCakes118.exe windows:5 windows x86 arch:x86
4582ffdd7eb98cb63a937096204182b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
LoadLibraryW
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xcpad Size: - Virtual size: 432KB
.idata Size: 1024B - Virtual size: 626B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ