3dee493a39bcebd3098649366f34ee45_JaffaCakes118 | Triage

Sharing

General

Target

3dee493a39bcebd3098649366f34ee45_JaffaCakes118
Size

5.3MB
MD5

3dee493a39bcebd3098649366f34ee45
SHA1

6c645bb2fbbd4b0eca1ff242ef8116b3a339de5d
SHA256

186bdca33f66e195bdab458575f360e72e6579f09b695327a4b98ebf745f8905
SHA512

a8ccbd88cd5d6040c0891a54e5d2143106e83e1aa85fdc3a5f2271a4a2fd4fb5f49e8dc34b4defb62c6aa5d278b995abcbc08b873f6733585bf67b242b6667ea
SSDEEP

49152:bHeTlP2+MMJF0UaK1Nl5YN4gZCCQCM0Cla1PrIHsKPe8FLfM9tvnq1ucKMr0+b7X:bmNMu0o7YZQCM0nkHDLXZbbduiOxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dee493a39bcebd3098649366f34ee45_JaffaCakes118

Files

3dee493a39bcebd3098649366f34ee45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE