22d958bc70960f3362513feecfe3ab28_JaffaCakes118 | Triage

Sharing

General

Target

22d958bc70960f3362513feecfe3ab28_JaffaCakes118
Size

274KB
MD5

22d958bc70960f3362513feecfe3ab28
SHA1

0fd519c310e189000bb77ad0b96003285ab0ed9a
SHA256

b358ddcf17067d2de0a909f0cac7fb74d96b7f25cc15cb9f08ad362c5423dfab
SHA512

b97a175c63a544862dd82505484b3a5aa73debbb70f5ad4e0cb901a3a714997e49638cb277c331aaf6ad99acb5bfddd7c863db15bdf1e90d44f95d33a21505d9
SSDEEP

6144:Fx+gnF+2GqK22ee9HaTmS+8QfhNRdw8tRQIWEy/a:Fx+Kw1HaiFtfjweR8J/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d958bc70960f3362513feecfe3ab28_JaffaCakes118

Files

22d958bc70960f3362513feecfe3ab28_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8fa882b539f918dde3a201adc40f2c9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ReleaseSemaphore
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ