2ae99c98e0e595a629a29ba6e1b3c01e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ae99c98e0e595a629a29ba6e1b3c01e_JaffaCakes118
Size

434KB
MD5

2ae99c98e0e595a629a29ba6e1b3c01e
SHA1

af89251670741e7e73c26bb542db07fbe2265f0b
SHA256

d06a22d49f8e1e36172e957e40afad39c80aaa03f9e66225a07c7df7cc32ac9e
SHA512

be6fb92a3c712f1a78278cbe24bb7896333cd243cdff4dacb27ef5135350d483492e8720b83c4dda51e4e5971c95da337045759b2b62d44021c43bb316f99aee
SSDEEP

6144:hEuHacfcO3h4OZILiSc32gwZB0lqDPPCjE9rlMQY7PDXT1yYNLe8IAHEBuXIdVA1:ZamTSAdwMOPPTrljyTIYNifAk7VAJ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Search.exe

Files

2ae99c98e0e595a629a29ba6e1b3c01e_JaffaCakes118
.rar
Search.exe
.exe windows:4 windows x86 arch:x86

1738985ef3490ee0e357401a5c199c8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ