5ba06636b0cb80bab6e8e00d01d438a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ba06636b0cb80bab6e8e00d01d438a5_JaffaCakes118
Size

336KB
MD5

5ba06636b0cb80bab6e8e00d01d438a5
SHA1

76b6b0ae09aadbe4e3f250695941aea69aed4046
SHA256

951427b76a2f48c89aac6c92ddf16648bd4b25257caa370de999b570aacc2704
SHA512

b32017029d69a1d78ae7271bfc7e843004f71be22684cdff15e431419427a848916c4e83b24ffaa8b51e4aa35059c539c73d28ea1ec9994cfb8a0863fd8cbd60
SSDEEP

6144:hnra63IFYRCy0w5cs2sx7YwvS9e9DSgwSDVwkTHKV17VE3rsS2:hr13IFYsw5csxG0x3wEVw0e7u3r/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ba06636b0cb80bab6e8e00d01d438a5_JaffaCakes118

Files

5ba06636b0cb80bab6e8e00d01d438a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52f22234ed35e0aca72f8b0c297b6685

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
LoadLibraryA
FreeEnvironmentStringsW
HeapSize
IsDebuggerPresent
FindClose
LCMapStringA
GetOEMCP
WaitForSingleObject
DeleteCriticalSection
HeapCreate
GetModuleHandleA
LocalAlloc
lstrlenA
InitializeCriticalSection
EnterCriticalSection
TerminateProcess
FindResourceA
GetLastError
ExitProcess
VirtualAlloc
GetCommandLineA

Sections

umowg
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ