309e00eddb44f6125f9d3eddfaa10f6e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

309e00eddb44f6125f9d3eddfaa10f6e_JaffaCakes118
Size

984KB
MD5

309e00eddb44f6125f9d3eddfaa10f6e
SHA1

9dc0c71cde1ac8e6d004a34d416d7920a88fb5f1
SHA256

fb0c3c2e974cb11908e58055d3507e89ba767b4132eb3b52806b8550b664448b
SHA512

a0df4cdef05e18a3ff62746c20d1cffadb558968d17b8f8599c637bfd319ef9eae3d442cad61903122715208def9bdba3e0e5c9e9c3e54cc1db35f7ec7a8dca6
SSDEEP

12288:npXUYn43RVb2sv3VGoV5V29HTTNYp/JUvPIGl9Yl/ziUhr/u0lYYWTHLdi8UhBI2:aY4h9HV5ARKGlWM4r/vYYWTpahBPJ6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309e00eddb44f6125f9d3eddfaa10f6e_JaffaCakes118

Files

309e00eddb44f6125f9d3eddfaa10f6e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6cb7c652105d9b2b2ff7b5309e0e37cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId

Sections

fqzkwrui
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nuysabwq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gfcrkdrl
Size: 972KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jemfrhwp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE