49c6ce4445918559834c21d32eee745d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49c6ce4445918559834c21d32eee745d_JaffaCakes118
Size

95KB
MD5

49c6ce4445918559834c21d32eee745d
SHA1

92a70e0cd5479cbdf4aa6983f9751e99ae463f6a
SHA256

9779fb6953869097c94a7e1d1dd7517128cceea8813abc3ebeee71a87ffbafa3
SHA512

96cb11579d02b17f02d54501e09439d9ce9cd570fdbfc13793c5bdc4a04804388b34f0748a4dc690ab4ea07b3286a72c06fda864fd9cda6b9f59f3a14a274282
SSDEEP

1536:gZx4m95vP19yA0qKxlgjDxsK6eDhIKrbqZow2fTYU0t0l5snR+7WGDFBj3P7fzI:gcw5jjKxlgj1R6ufqZGx0t+Ss7WGDrPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49c6ce4445918559834c21d32eee745d_JaffaCakes118

Files

49c6ce4445918559834c21d32eee745d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d233166ab2922d66934dc5d0279e4b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
GetFullPathNameA
VirtualUnlock
TerminateProcess
FindActCtxSectionGuid
GetWindowsDirectoryA
SetConsoleInputExeNameW
WriteConsoleInputW
DeleteFileA
LockFileEx
SetConsoleNumberOfCommandsW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ice
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE