0a8eb10b8727d0bbdf4be449ae053513_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a8eb10b8727d0bbdf4be449ae053513_JaffaCakes118
Size

5KB
MD5

0a8eb10b8727d0bbdf4be449ae053513
SHA1

26276477cdc677976582f0ac194b0341cd614e62
SHA256

22f95170fa33f7e33018acc7aa5346a3489c53c87c98fc253724f532e76e54b6
SHA512

1a0020426f7efdf44ef3a7766640a9c78dab7db38f0300e70fd6285ffc3e6042a9c3ee78f646c3a27580b22bbe55a5b7b0838479501c3c7fb7483e9fd8bbd5c2
SSDEEP

24:ev1GSwuvPkgZpjYrfVG+fVZqPMlCXtMxiPdhUM6smatGSfsgU9qIQD:qv8XrfVLfVZOtxPdhWreEp9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a8eb10b8727d0bbdf4be449ae053513_JaffaCakes118

Files

0a8eb10b8727d0bbdf4be449ae053513_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4564a68a514af2511595e7661a2b2b5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetModuleHandleA
GetThreadContext
ResumeThread
RtlCaptureStackBackTrace
RtlFillMemory
RtlMoveMemory
RtlUnwind
RtlZeroMemory
SetThreadContext
VerSetConditionMask
VirtualAllocEx
WriteProcessMemory

ntdll

ZwUnmapViewOfSection

Sections

.text
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE