5ca8ba37679ba35cdf01c738a807c393_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ca8ba37679ba35cdf01c738a807c393_JaffaCakes118
Size

8KB
MD5

5ca8ba37679ba35cdf01c738a807c393
SHA1

989da0d57f3540f1653d0c729f426df93e562a4e
SHA256

85e489c2ed6d26fb2101db1b33fa0b10682103563fe291b16682abe7327f92af
SHA512

cdc639248e808a38faff24c55166ba14e842c7b9bb6f0735a539bc1e348238812876ffa910f84aef87d8c21be25990e3f7ef84e9b7c012ae3fdc88d8a551fe9b
SSDEEP

96:LQNaerbJ76OJd9eX+cxk17ev0ebWUKmokSANrfV0D:LQNBx760YxJBtNokS8rfVu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca8ba37679ba35cdf01c738a807c393_JaffaCakes118

Files

5ca8ba37679ba35cdf01c738a807c393_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c7eb98cf3aae8655011d52c3095f47f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrlenW
AllocConsole
GetProcAddress
LoadLibraryA
ExitThread
ExitProcess
lstrcpyA
GetModuleHandleA
lstrcpyW
GetModuleHandleW
GetModuleFileNameA
lstrcpynA
GetModuleFileNameW
lstrcpynW
FreeLibrary
FreeConsole
VirtualFree
VirtualProtect
RtlUnwind

Sections

PL
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 528B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ