3752d25884b679fea0481dfeced8c391_JaffaCakes118 | Triage

Sharing

General

Target

3752d25884b679fea0481dfeced8c391_JaffaCakes118
Size

184KB
MD5

3752d25884b679fea0481dfeced8c391
SHA1

86a7d31ac866e9698268939ba9a4c5c381e36226
SHA256

149e608fd5bb30faa6f27986c8330404e899ed8954c4fa65ed13b4300f2c60ef
SHA512

34ffc87c247e4e2781281c90bf3f4df96c0bf8da44fe000a6e3b65b3f21399e7bf51219cc86c17d590b2309d1a3922bd87618e79a596f99a1a2a6356c39e6950
SSDEEP

3072:/SFzlSAL12ZKtuxMuz6Dg9lTqPRfkndnT+HKh9d9LsJ/+Kc0GBC:/SFMAB4Jx3zv9gPIU29zLe+Z0G4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3752d25884b679fea0481dfeced8c391_JaffaCakes118

Files

3752d25884b679fea0481dfeced8c391_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22aa25a9dbb99211db866b1a30897dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
ReadFile
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

R(@]$,Yy
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

)t.1A^U>
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

b<r@-(#`
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

i'q5mf$Y
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

gnJh?""h
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE