626c3c49018e8c5b0b5cc1c6a51b2029_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

626c3c49018e8c5b0b5cc1c6a51b2029_JaffaCakes118
Size

141KB
MD5

626c3c49018e8c5b0b5cc1c6a51b2029
SHA1

59c16ab38ce5130d5961961ca7c9274fa106f8b9
SHA256

c411e1de6f4840664093934c216e499ca8eeb2f2928d362ffb4065726a3564e6
SHA512

08fc5f032b399abb55f43123a417f6093cd42122f904af471e6d9b9188e917b290da40af9ec180133f311b3341970f6456f048199e91ec2c591ad99a5a2cd132
SSDEEP

3072:qyS84KqN7zZIeuMdMKXiG8+lXsj0LEZ8UAXbILQnXQBj3YiID:hqN79IeRMnV+dLO87X0iXQdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626c3c49018e8c5b0b5cc1c6a51b2029_JaffaCakes118

Files

626c3c49018e8c5b0b5cc1c6a51b2029_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xolnri9s
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wzuwirlt
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a5hjcz8u
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ