1bf0b837cfc81afde26b6971634571b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bf0b837cfc81afde26b6971634571b0_JaffaCakes118
Size

161KB
MD5

1bf0b837cfc81afde26b6971634571b0
SHA1

0026b750ca99760c60ae8b3d64dbb20f1b602f51
SHA256

9c378d78dc067513537ab401e9117da3e26a78262f253b06ffd474c31a35ca8d
SHA512

4bbf81c0f971584e05d69d533fcc12830e630705c4d237c2e1134d995230c0c79c4cd3fff9c2cb0078d30ba7ecf1e88b7c77e71188aa82285139ad32c7d1e66f
SSDEEP

3072:AnCBsqSZpXIr6iIfd/kxmWiEVTJlEdqFuce2:UDhr06iIfdMxmWqd89b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bf0b837cfc81afde26b6971634571b0_JaffaCakes118

Files

1bf0b837cfc81afde26b6971634571b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c92746cd3b69c56e5c4ed6d3f9854fa1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
FreeLibrary
VirtualProtect
GetLastError
CreateMutexA
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA

user32

MessageBoxA
wsprintfA

Sections

.data
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ