070515683ad5c9713d85192bb8245e98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

070515683ad5c9713d85192bb8245e98_JaffaCakes118
Size

63KB
MD5

070515683ad5c9713d85192bb8245e98
SHA1

3ea258b73ddffbade2a7bf1b7873fb8294e57ea0
SHA256

328ebfc887ab5e93ce27f4ac1a2bbdaf839675e8afa67112702fd96995b0c96e
SHA512

bc89a8aab754e68a51700c0de61ba4bcb2fb38dd0d9941bd0819863d7e2b0f4b9b7cf3c7b4e1df0887351d16130615fb726720570f7e57d2a3fc63c63a072c8f
SSDEEP

1536:8QAP8aDWKxQpQJLcIn8kAeGe4QJ5b7zwRKT:mPHtyQ5V8Vhe4A5Xz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070515683ad5c9713d85192bb8245e98_JaffaCakes118

Files

070515683ad5c9713d85192bb8245e98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32cafbb71f30bc8a625c86495369def9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCompressedFileSizeW
SetComputerNameExA
IsDebuggerPresent
WriteProcessMemory
ConvertThreadToFiber
CloseProfileUserMapping
LoadLibraryExA
UpdateResourceW
IsDebuggerPresent
PrepareTape

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE