30ebc311af4d60db1206463bff3c9aa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30ebc311af4d60db1206463bff3c9aa9_JaffaCakes118
Size

334KB
MD5

30ebc311af4d60db1206463bff3c9aa9
SHA1

4595529d3b8780fb4fd1589799bcbabe710f4f58
SHA256

2dc3f1a93c55120fa9e55f957cdf92ac92c7e39cbe361df313238e0ff1d05755
SHA512

b65255e64a2f62f2a667e51b89fa8b0513e80a2773430599ab15775de1f86a094e8b07d04e00dd5859fe1e9ce84955862f3e4a5660affa37e55687856444cdbd
SSDEEP

6144:TJ24NHCY0qp0TBsOeg6eJ3/4AQrbEltLAFlM33JlWsp24K3Cwlw:U4N30tTWOzJwAQ34tLAKPQxSWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30ebc311af4d60db1206463bff3c9aa9_JaffaCakes118

Files

30ebc311af4d60db1206463bff3c9aa9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 295KB - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ