0bd3d294edbba38957d0736ff24cf6dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bd3d294edbba38957d0736ff24cf6dd_JaffaCakes118
Size

266KB
MD5

0bd3d294edbba38957d0736ff24cf6dd
SHA1

bf7480d37d03b92ac0aca68adf58009d9285e463
SHA256

921e8db24c8fc37431fbf323668a8bfbc3ce5345f8adf7efa75e848e3b3cd10d
SHA512

d9c90090418d3a0bf291fbf77770bc8758ed651631abf22d2963d1ba5ac87c236f4e3e0912ef8f7a2fa7763e63a5f2f9f043030f37224f79d2e8ad6c21810b6f
SSDEEP

6144:HFKFCDSz+WgXQoNzYwVvXhYUjgt9zksXH4Yj4glxefxjFRI69Y3XkTVbHitSovta:HFKFCDSYXQmzYG6Agt9lH9r+pPrm3ubb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd3d294edbba38957d0736ff24cf6dd_JaffaCakes118

Files

0bd3d294edbba38957d0736ff24cf6dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e4246784ce5c63f0287e681f50bea33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
ExitProcess
VirtualProtect
LoadLibraryA

user32

GetSystemMetrics

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ