402197168063062035222fe7e473b599_JaffaCakes118 | Triage

Sharing

General

Target

402197168063062035222fe7e473b599_JaffaCakes118
Size

291KB
MD5

402197168063062035222fe7e473b599
SHA1

0de7b3b4dd2e2cf38271f595939e2c37fb189682
SHA256

f0d76234121ad8ed5d0709ec2050611ac398a1b4bf56ddc2cd29a50d1635003e
SHA512

5624e09cf7babd0f8db89ac4198189113c598f6b1a05da997d2d882ca5f0c03dbf9ee9990cce83fb5660da5aa55fd5ed2e32cfd2405191596450d67a204adf50
SSDEEP

6144:SQccOg314YK5N1T5/N4shwwbRge2ED8w+5sGk2Z/DgBi:SLcL1MN1lisy7e2EKjk2Z/EBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
402197168063062035222fe7e473b599_JaffaCakes118

Files

402197168063062035222fe7e473b599_JaffaCakes118
.exe windows:4 windows x86 arch:x86

240a55fac3d44e10362c894c11dc76d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
CompareStringA
GetNamedPipeInfo
GetCurrentProcessId
IsValidLocale
CreateNamedPipeA
DuplicateHandle
FreeLibrary
GlobalAlloc

user32

SendMessageA

Sections

cTMVvsbs
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

pycGDVhH
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HaBniIir
Size: 260KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE