6413f8af3fada98d84f3772beca605f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6413f8af3fada98d84f3772beca605f2_JaffaCakes118
Size

1.3MB
MD5

6413f8af3fada98d84f3772beca605f2
SHA1

c6dcc03a34a9e69bc7734eeae7ada09d4bd5d0a9
SHA256

04d427b9d76db298bd1dcf0f6659c0f7f171b5118640e135234940c3f0489829
SHA512

2d3c3ea19ebb146367590d43c51ebd60dab66459e6bb5986076c0edee83c6e100ff71ed6703ed08e772e6aa85cd8182666cd225e09f572e36f0765af35484826
SSDEEP

24576:yeSY9p9nkqCrqY/Nh2zNskFcG9rMuDuDlglr0K0gpDtDyR:yeSY9Xrwev6ulrt0yDyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6413f8af3fada98d84f3772beca605f2_JaffaCakes118

Files

6413f8af3fada98d84f3772beca605f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

_EXECryptor_GetHardwareID@0
_EXECryptor_IsAppProtected@0

Sections

Size: 444KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fvqloglo
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iinolxcc
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rzfsnku
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE