486531a3f15293e1a403d6d2933e306e_JaffaCakes118 | Triage

Sharing

General

Target

486531a3f15293e1a403d6d2933e306e_JaffaCakes118
Size

339KB
MD5

486531a3f15293e1a403d6d2933e306e
SHA1

ec217b06d5ab7dea19b07b5c1c490ca7a5ee7ec6
SHA256

703d6cc43bbecab62751f9dc2d4eb5b39e61d023d29308555e1b84f137113135
SHA512

ce152552deac6e0551cc5b2c8589359df104bc7e742df078e4dd2cb9fe3a802bf8b8f6a3156d68a250101a8f2ac83475897d81927b4fedd8cb606813060b1e19
SSDEEP

6144:88f2v0ZHaBofP94tM7PmpJnm9hasUsgpOoPDGoqmLF0msCs9dcKocq1:5k0o2P94ObImb8LPqKJ0msKEe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
486531a3f15293e1a403d6d2933e306e_JaffaCakes118

Files

486531a3f15293e1a403d6d2933e306e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.nsp0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 331KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE