655f5788e455bb131fc08fcd13a9375b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

655f5788e455bb131fc08fcd13a9375b_JaffaCakes118
Size

63KB
MD5

655f5788e455bb131fc08fcd13a9375b
SHA1

8e87ee517d25ddfa7a203931fb19e8ce13516816
SHA256

46ee040ac5de638e905433ecbc7f656d19e3c3c0f68422d0922b177f4e17d688
SHA512

d3d22fc07d91a2fc681da13012554bbd90a560da121846f2473bd2d6c1225cb27929c934525e1c401ee9d4f7031d5e62fd9351773ee220c8166e34f43f2d1339
SSDEEP

1536:EpcyNIGJ0TM9nyxDKHCv0c8gC6Zj7CPA7UZ/jOPP4gPes:ycUIGew9yRFv01cZj7rUZ/jsP4gPL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
655f5788e455bb131fc08fcd13a9375b_JaffaCakes118

Files

655f5788e455bb131fc08fcd13a9375b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f510ef607a904d22c7169ea1ac68c5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
ReadProcessMemory
_lread
WriteConsoleA
PeekConsoleInputA
CompareStringA
GetVolumePathNameW
ReadProcessMemory
ShowConsoleCursor
EnumResourceLanguagesA
CreatePipe
GetBinaryTypeA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE