Static task: static1
Behavioral task: behavioral1
  Sample: 618db4808dae8cb48a0615307f75a84c_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 618db4808dae8cb48a0615307f75a84c_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
  Target: 618db4808dae8cb48a0615307f75a84c_JaffaCakes118
  Size: 340KB
  MD5: 618db4808dae8cb48a0615307f75a84c
  SHA1: 7b544f40f38aac0eb49cc5ba4d64a8ba5eba1ace
  SHA256: 04f5ad9afcc8d732bc7cf5006ad8109b0aab75081453db9d47e6c8bc33056c83
  SHA512: dcb02636e0407b82059c389a0f58a78a4a7c23f685dbe10dad5741d7819cd349cc97b653f983ae5801b3ee3d88512521074083a294d72488ac326b2c8958d0fb
  SSDEEP: 6144:gxAvuufpjEO8Myc9kWqcKSDA86tATpRdgJgjggukW2zJuqV2PQz:yAjBjEOcVWqS886CdfjgH6tQ
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: 618db4808dae8cb48a0615307f75a84c_JaffaCakes118
Files
618db4808dae8cb48a0615307f75a84c_JaffaCakes118.exe windows:4 windows x86 arch:x86
c07273eb8e203c62300e8c73813ad231
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    Sleep
    VirtualAlloc
    VirtualFree
    VirtualProtect
    LoadLibraryA
    GetProcAddress
    GetNamedPipeInfo
    GetMailslotInfo
    IsSystemResumeAutomatic
    CreateDirectoryA
    DeleteAtom
    GetFileSize
    GetProcessVersion
    IsValidCodePage
  user32
    SendMessageA
Sections
  FHCfKRrk Size: 44KB - Virtual size: 41KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  cgKfXIoh Size: 4KB - Virtual size: 630B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  ehCVXJLI Size: 276KB - Virtual size: 304KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  OLBIxySU Size: 4KB - Virtual size: 1KB
  oQVBemoy Size: 4KB - Virtual size: 2KB
    IMAGE_SCN_MEM_WRITE
  DgxFizcN Size: 4KB - Virtual size: 3KB
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE