5abf161641fe350347edd19e82623af6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5abf161641fe350347edd19e82623af6_JaffaCakes118
Size

166KB
MD5

5abf161641fe350347edd19e82623af6
SHA1

093cdb09a5c265e0e1701c1b4168977fb5810f62
SHA256

fa05f721cb52a57fa03f2cb53783683d1d51c8c0b9ee97fb4de3f7c15cee1782
SHA512

74ecd16001e8b076ad0174049529b66e11c9cc1814ba9ea375f2a370cdd04345a2349c5679abf036c6b614c6e0eddc2bb2b97e1dbeb58c91179daff0f48edb1b
SSDEEP

3072:Qx3UriXL1nse4iN2Cz6Qmn82J8egVk7RE1ao1yuIW3g/pi8ukTBqXrmLpyFD3GAe:QuriXZnjD6QP2J8egGFq1yuIGyrlWmYE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5abf161641fe350347edd19e82623af6_JaffaCakes118

Files

5abf161641fe350347edd19e82623af6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ed19171db3408c1911d78c984c03f7c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapCreate
VirtualProtect
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
IsDebuggerPresent

user32

LoadIconA

Sections

.text
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 488KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ