289c93a873441ecba3e6c28e6d0e7463_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

289c93a873441ecba3e6c28e6d0e7463_JaffaCakes118
Size

140KB
MD5

289c93a873441ecba3e6c28e6d0e7463
SHA1

a8d0dab9a94967994424db3cdb5870458317b6b4
SHA256

1ce6cf10435a0ac6bcfeb1be5150817d1268a8b283484416c8849dbfd97886ce
SHA512

2d918639dd7936bb5f94dcf54394a8583e8455742345dc11d16f3a634c6ce789eddc26e5fc2fece5a28cfcbd56d6c4e8690e6fb0c53b95e69dc6937d55c73948
SSDEEP

3072:heYuxvYi7/FyxjqEJ/smJJ8KYoYLVXuDM0W9Mpebg1MEBn:s912qk3BYZzMpeM1MEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289c93a873441ecba3e6c28e6d0e7463_JaffaCakes118

Files

289c93a873441ecba3e6c28e6d0e7463_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9b821a35d20f9a8955f8d5e54b175675

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE