3d5a1eda7613fa494dbde279405262a6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d5a1eda7613fa494dbde279405262a6_JaffaCakes118
Size

324KB
MD5

3d5a1eda7613fa494dbde279405262a6
SHA1

741a48b18c610fb3ab8c6227ba11e209a8df961d
SHA256

4eff5b6ecfd090025c13cef707a17a1834701abd31bcc8ca821d71adcf9f4a17
SHA512

477364454f6a659d3b9e7cf9a6fdaf37cdfa995452272e2e145b07e23bf0ad442a9837d1f24d6e76ceab500269fce0669b54b4c88d3a7bd25861b7b7f0369b55
SSDEEP

6144:28VYTvV/yEYEG4ecES7pHmfFBNvWJASo7L8oEpj86aiRa4SHe/K7RJ:6TNaEYV4ecb7p4FjvWJAS28DVjaiRa4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5a1eda7613fa494dbde279405262a6_JaffaCakes118

Files

3d5a1eda7613fa494dbde279405262a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b63c3388b65deb77f7a61a32dce4f0c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
CompareStringA
GetCurrentProcessId
GetExitCodeProcess
CreateFileA
DeleteFileA
OpenEventA
DeviceIoControl
CreateNamedPipeA
FreeLibrary

user32

SendMessageA

Sections

lzrvPJou
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

itpfBaAr
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

XVBzhBrM
Size: 272KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE