4895bec21bb48f82940101001897b0b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4895bec21bb48f82940101001897b0b7_JaffaCakes118
Size

412KB
MD5

4895bec21bb48f82940101001897b0b7
SHA1

0b5525e9f4eee0add16d3c36f9a2e32ad92b0fec
SHA256

0c0c65be4d308b92bc1fcf042041c508a04aac4ddfdc73a5829a8c0e4110c4a7
SHA512

f94bfc8140c668ef07fb3c4eececdbe913618e6160e3f8b1a4c697af7abd2adb9a36e97be3bd0bf663632545df46b6d91f20afdea328a547a009fc8bc15a5159
SSDEEP

6144:7tbrVo/b/aTvcPlMKg+bSd9wqAp3NR4tHmjL9OhvxXK9BTln8973EeX/y/mdR:7tPpck+udSqAvRQq8VQ7l8978/CR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4895bec21bb48f82940101001897b0b7_JaffaCakes118

Files

4895bec21bb48f82940101001897b0b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8111320f794d9e62a7ffe5d84bed59a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualFree
VirtualAlloc

Sections

hmimys
Size: - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hmimys
Size: 411KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hmimys
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RPCrypt
Size: 182B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ