26fd372b3fced3c8e315555d64c5ce79_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26fd372b3fced3c8e315555d64c5ce79_JaffaCakes118
Size

532KB
MD5

26fd372b3fced3c8e315555d64c5ce79
SHA1

1711bd92814487b2c0c296c51ef65bbf69d43eb1
SHA256

5d2be0cd04a085d28f97edb5c70690bd38b2331f31cf21f746625513c38669ff
SHA512

71aa481df6d532cd22acc9f4a72acf2e8d84c350c8b19fb9c2550e017f8b994e386ac3df6c084d311be2f784d9c9d2e670fe9682c1fdcb7300da65fbca3dfb46
SSDEEP

12288:Eg94SftiAhi/eovAmbPNmGCz+7rK0Kl0myrFrEaB9kq9UCs:Eg9TfieWNbP8zIr3Kl+FJB9kes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26fd372b3fced3c8e315555d64c5ce79_JaffaCakes118

Files

26fd372b3fced3c8e315555d64c5ce79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b8fd62074fd135418b0d6d43f95583a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualProtect
GetProcAddress
ExitProcess
IsValidLocale

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ