24d63d268df2345720d4914354ec66f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24d63d268df2345720d4914354ec66f9_JaffaCakes118
Size

136KB
MD5

24d63d268df2345720d4914354ec66f9
SHA1

ef7815b12b4c221c2c9c94c78d2b463d709eb9c7
SHA256

023fa3a3f5f4932d9f01e14be5632a7c5135c3d7b1d7899de9e4928dde0c6fe5
SHA512

e128d9f4be5e3fb181a625d47e40e3ec273d16b8c06c57fd104c709be6393f1678d500bb6d1057d1a0acb611632132d4b8a0f7bd6dc5c6efce5e35c2835c55ab
SSDEEP

3072:xqOKB23937IERaNzYXOiV7pmMPdGPUVXtX/3uMEs/74Tf5D6cMD5QxSkdj:8GOmB9PuMEW74j5ucnxSkdj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24d63d268df2345720d4914354ec66f9_JaffaCakes118

Files

24d63d268df2345720d4914354ec66f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5616dcb306df7689c7476d538177ac36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteProcessMemory
LoadResource
UnmapViewOfFile
WaitForSingleObject
ResumeThread
TerminateProcess
WriteFile
SetThreadContext
ReadProcessMemory
LockResource
VirtualAllocEx
FindResourceA
CreateProcessW
ExitProcess
CreateFileMappingA
SizeofResource
CloseHandle
GetProcAddress
GetCommandLineW
CreateRemoteThread
MapViewOfFile
GetThreadContext
ExitThread
GetModuleHandleA
LoadLibraryA

comdlg32

GetOpenFileNameW

shell32

CommandLineToArgvW

Sections

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ