0ea41c0f38685ae5f2957edf6cc72513_JaffaCakes118 | Triage

Sharing

General

Target

0ea41c0f38685ae5f2957edf6cc72513_JaffaCakes118
Size

17KB
MD5

0ea41c0f38685ae5f2957edf6cc72513
SHA1

8c6c3ecbb09f27a5e328c81ec17a23acb5ca4888
SHA256

317d5eb14bb4a07b1243d58ab34b589f81324e0fc67634c4196eab835ed67c6a
SHA512

1899a3b2caf177780f4753c64b09fcd3a5ba0fde5cd56238051bdb89d559659b0ddaa2868edb3e9343a98cd3a874b16a1d2bb69ebdbec3046d08dbe8493fa2cd
SSDEEP

192:cDKfw2fJmGS7shmv6SJ4nG63BUFa3D1PkZ41GbwJ0NspfoZensgoP1eUEtF2qkRF:k2fAGgsYv6SAxUQkS+tP1eU4FPkF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ea41c0f38685ae5f2957edf6cc72513_JaffaCakes118

Files

0ea41c0f38685ae5f2957edf6cc72513_JaffaCakes118
.exe windows:4 windows x86 arch:x86

119ba01abad812c4a461368344bcd6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlZeroMemory
VirtualAlloc
VirtualFree
VirtualProtect

Sections

.
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

c2sa
Size: 8KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE