1b7d08b882fd6e4279c963d541beb990_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b7d08b882fd6e4279c963d541beb990_JaffaCakes118
Size

277KB
MD5

1b7d08b882fd6e4279c963d541beb990
SHA1

b882297f58d9b7dfd571759b8e11c11951632688
SHA256

71e5336295f17263116fdf4a2929b07459cb2a1ef8ff7001d0741a3f12c6ff72
SHA512

ce345f85158d857498c537e3ea1f88c72b84bf717141dbfe9e7b3d5c471115904069e4e515ab7269ccc7bfe9c55436c08f1700d4933820f2c73ee2dd806e094c
SSDEEP

6144:rNQSPYR7ATDSO1wvjaeyWGb28ImDXIEN1:rDYRC1Ca7WGi8IXEN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b7d08b882fd6e4279c963d541beb990_JaffaCakes118

Files

1b7d08b882fd6e4279c963d541beb990_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 269KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE