63056a718097ec605d60a6c642ee1aac_JaffaCakes118 | Triage

Sharing

General

Target

63056a718097ec605d60a6c642ee1aac_JaffaCakes118
Size

168KB
MD5

63056a718097ec605d60a6c642ee1aac
SHA1

37e849059dcf55e217b8b70da5021bc27b7e4ec5
SHA256

9f1dec8b969b650a0e05b7d5ef528592f6eb3b5e963a889878f6e11e3c907c87
SHA512

445c491027dd24a0fa4b82d86e47dd012c62acef4cfa0703f39f3b18efc991147e62043533d4d9ddf4214a51163821d1cce6d96aeb91b27b82f4e7dffec06484
SSDEEP

3072:RRuoIz20QGW8hDub69+faCUM60mYsGf04M/JJLj3+US9f0kGkKXoc:Gov0R1h99saCD1sGfm/JJnOUEmkK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63056a718097ec605d60a6c642ee1aac_JaffaCakes118

Files

63056a718097ec605d60a6c642ee1aac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22aa25a9dbb99211db866b1a30897dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
ReadFile
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

hu9Nx\V7
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

3Om'M4+E
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

omuhAXbs
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

C5ZZ;]O@
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fGjD0<e8
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE