06682599fa08ba96de6f7eb6a97b474f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06682599fa08ba96de6f7eb6a97b474f_JaffaCakes118
Size

105KB
MD5

06682599fa08ba96de6f7eb6a97b474f
SHA1

2add0a704da3fea25835c76f9173a13d8294ece2
SHA256

d4a4ea5586f2523a12dabc6a6a6e55f307d5d9e132a487d097dad4483799e823
SHA512

f72e28168b2ad8c59fa0c7d68b51688a9ea7c46bbf2fdb1133a43dc3b99861c91cf49e42dda4dd39be4f8d60118df06ac16b1e7000eed69901f08e6b002e8db1
SSDEEP

1536:VI1mzMoTmuijAOijtZbmJyn/ccGXifKYFdXbvRbAXg8rxs0E6:Sgz3m+dzbmAJGXmb7rvRs3r7E6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06682599fa08ba96de6f7eb6a97b474f_JaffaCakes118

Files

06682599fa08ba96de6f7eb6a97b474f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32ca8d5fca836efa8536566f0eee05c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
CreateThread
VirtualAlloc
VirtualFree
ExitThread
GetSystemDirectoryA
CreateFileA
WriteFile
CloseHandle
FreeLibrary
GetFileTime
CompareFileTime
GetModuleFileNameA
GetCommandLineA

Sections

BitArts
Size: 22KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BitArts
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BitArts
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BitArts
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE