4738915f8bdaea04f6ddebd7374e89fb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4738915f8bdaea04f6ddebd7374e89fb_JaffaCakes118
Size

35KB
MD5

4738915f8bdaea04f6ddebd7374e89fb
SHA1

53611d0076ae7a244533bcf74bebc42125ada643
SHA256

952987e42325664472e6d95abbce39eda34903e6317ce4aaa56a9ccc3c9e099b
SHA512

ac61eae9f77858738e1a9ed45570ef0a6b77743513145a704eb10430be35bedbdaba1ede3ea3d2ad39494899ac839db517edfd210dd92112ece1cfe9c89feee9
SSDEEP

768:/QYkyRUs+1DH9sGATgHiIHPDVIASf6J/E1/cxfYcXI277olFwR:/qxDdPATgHBvDVb5/k0x9IK+GR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4738915f8bdaea04f6ddebd7374e89fb_JaffaCakes118

Files

4738915f8bdaea04f6ddebd7374e89fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0ca8fb524d53a294a75f3adfde9e816

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ