0c49f390146b313dcb88d53c402c3f62_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c49f390146b313dcb88d53c402c3f62_JaffaCakes118
Size

189KB
MD5

0c49f390146b313dcb88d53c402c3f62
SHA1

4d2f0a5934383092bd51267680df4aec7b7518bb
SHA256

19da8e73e5616485508b85f569c3859471b654f48f9a97603d16bee55a0b907e
SHA512

855490d70c4bf71bdc66a715ea8dad5ac280df7f700c0a981215df2b4b5f818fdf5138ae81c5f65df547dc25f6083ce7e44591d05bd54cd96a9af368ab9df6d9
SSDEEP

3072:x5cAeTAdMJsM5wys4UjEDdV2kYqgaDJpYKsAQf4Lq5aOAm:x5cbTJ5wAUjCdRYq9DJprrq5aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c49f390146b313dcb88d53c402c3f62_JaffaCakes118

Files

0c49f390146b313dcb88d53c402c3f62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Sections

.data
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ