62aae49f3c452378e8db2d93d76a792f_JaffaCakes118 | Triage

Sharing

General

Target

62aae49f3c452378e8db2d93d76a792f_JaffaCakes118
Size

334KB
MD5

62aae49f3c452378e8db2d93d76a792f
SHA1

0cc096e7a317887474b25ff27a8d088eed3d6dec
SHA256

1488d03d764be28103826b72acbf92035f505d592ff09d5b76eca1c36b068467
SHA512

8343c02f84eb3fdb62bee51bd12b48e1814b3ce34e45f6eb2ed9da10ddae52037a1baaf40f4c4c314dd5f32e2452325a2a6ae8bbb8d72a93bead2a4fa6353f74
SSDEEP

6144:FBJj+thrdady5KK/iA3NuChWgB8SDoge5gDJ2EFXXRYO4IKy8kuMIu6VrTHM:FmHpDKKsyyS8EFXhhKy8kxIu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62aae49f3c452378e8db2d93d76a792f_JaffaCakes118

Files

62aae49f3c452378e8db2d93d76a792f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59c9ea503bcb42b2aa0fa5091081def4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualQueryEx
GetCurrentProcess
Sleep
VirtualFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

CloseDesktop
SwitchDesktop
OpenDesktopW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 324KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ