014950cb3a5c67d0cd0382c5d3405165_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

014950cb3a5c67d0cd0382c5d3405165_JaffaCakes118
Size

183KB
MD5

014950cb3a5c67d0cd0382c5d3405165
SHA1

fffd9cf28cdcb69ca741f553172e0c472180fae5
SHA256

9d0f546dd85b13510a2c89ba97aa65946229bf819078d0c31921e29479f70564
SHA512

b3a796d4fd3ea45c51edf03225d44afaf267e276b8378e48f74697f7c53e1eae97c9def50632a36d89fd65e72c81b65a4c730d8d705bdf51a4dad6d8cc03df76
SSDEEP

3072:aHdx8byK1t4DsXy9kSSHf63mztjxk2weH2MMHZX1dC4qPFLio9o:EdxlKj4DsRS2f62q2EMuZX18NLiV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
014950cb3a5c67d0cd0382c5d3405165_JaffaCakes118

Files

014950cb3a5c67d0cd0382c5d3405165_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c35ed123bf7fb5532653325910c7a41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualAlloc
VirtualFree

Sections

CODE
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.llydd
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE