16cc1bc24e1e739a6f7adb969aa57c94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16cc1bc24e1e739a6f7adb969aa57c94_JaffaCakes118
Size

385KB
MD5

16cc1bc24e1e739a6f7adb969aa57c94
SHA1

273b0d1997a966fc758f2298b055d72867fa118d
SHA256

c1123739ac0bfe760ed724590c3b7c08777b6e3bb648d992ab834beacd0dfe12
SHA512

0bb1fb48ad246a1c6ecbf8de3938879f463a06b30b285b88fd560d6fdd9675262d6a3de17b0ea0d22a4c14d73e663ee647feed53d85603416a7ac15f3c5ab0d0
SSDEEP

12288:5hqRNuToJ0gSb9ViL7Sy9kyvuuWroRMc/:rqruToJ0p0L7PtuuWSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16cc1bc24e1e739a6f7adb969aa57c94_JaffaCakes118

Files

16cc1bc24e1e739a6f7adb969aa57c94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dae2264e721d7c66f7fa35e864d11aba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryA

Sections

.Kaos2
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Kaos12
Size: 380KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

love
Size: 50B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE