43e091f9dba75310c549fab362f50299_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43e091f9dba75310c549fab362f50299_JaffaCakes118
Size

437KB
MD5

43e091f9dba75310c549fab362f50299
SHA1

529cc78c7789d01a5ab4d76b6eb61fb6e6a7f621
SHA256

bcf0aee3f3aef8860bf66a262b03f488477640536d7cbb3aa500c9fc657e8578
SHA512

0267bdcc0b96e7478a91131527d2696098fdc0d2364637db4265b921794006ed3cdf838cd1e170b56c5e3058da5d9b085e330725b6e63371f40fa080b6950f84
SSDEEP

6144:ub1lNcwfl6fAxyFAwnmLxbAeeee55V3ETHOREQ9uwU8MIEYrsFG3vb6xtSCE2h/J:u9cix0rUs5V3YOREQ9c8MIyFOCJ5Z+L+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43e091f9dba75310c549fab362f50299_JaffaCakes118

Files

43e091f9dba75310c549fab362f50299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eb6.cs1f
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

onwk03sv
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vowmnk4k
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ