49726447f7d6ffde728256011a9bba12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49726447f7d6ffde728256011a9bba12_JaffaCakes118
Size

9KB
MD5

49726447f7d6ffde728256011a9bba12
SHA1

cb325e7127a5717727267f473421207a3e08ce74
SHA256

918a2dff3408f24b6ec52f464fc7256b8fb96d6110e18657b87fe85501b832ed
SHA512

9c8f70ed8d40887928c39c7745532ce26703075411323c5a03b6528932df08250442412ba92eaa0932d29cf9401baf263b1acb59306db3dbdaf0e7cabe647124
SSDEEP

192:ktYiqGDzinSKRK69JRNhu9Q9qrHnfOIwV5AJqeNpFkIodILO7UgNgHp+0o:kEQzinnZf2e+GLEqeNTkbCqGp+L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CoreLibPatcher.exe

Files

49726447f7d6ffde728256011a9bba12_JaffaCakes118
.rar
CoreLibPatcher.exe
.exe windows:4 windows x86 arch:x86

51def5b3f850aa76d22723920fd841cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

LockResource
lstrcmpA
CloseHandle
CreateFileA
FindResourceA
GetFileSize
LoadResource
ReadFile
SetFilePointer
SizeofResource
VirtualAlloc
WriteFile

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
trivium.nfo