5b815613da3435771f329a526c636527_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b815613da3435771f329a526c636527_JaffaCakes118
Size

43KB
MD5

5b815613da3435771f329a526c636527
SHA1

567af1c0a7152a4272410ee66747dc9ba353535c
SHA256

eb46c5acbd309a9d451983b724dc701369b6c0b8892b0bbb20796e3e3cdce65d
SHA512

68877228488f07d1171e61100a3f0003fb03fdc2e8dbc89f225d7058bae0275dea68ac87c49a9229802780664d977748c491d32bdec36dda42c35687f44b85ec
SSDEEP

768:xM1TUH/ri8nx3ZoAWfI49KsPnxnjkkY93/9fjnNC/ti1yveS0O7:xMknx3ZoAF4VfZjd4PdNCE1ygo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b815613da3435771f329a526c636527_JaffaCakes118

Files

5b815613da3435771f329a526c636527_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7ac57d17c948321cb90d09db6cde9fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Amaretto_Crypter\kessix Version\release\Amaretto_Stub.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
LocalAlloc
GetModuleFileNameA
GetModuleHandleA
ContinueDebugEvent
IsDebuggerPresent
WaitForDebugEvent
CheckRemoteDebuggerPresent
lstrcmpA
LocalFree
lstrlenA
lstrcpyA
GetCurrentProcess
CreateProcessA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind

Sections

.f0Gx
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ