66336debffb0289eba0686d889960b43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66336debffb0289eba0686d889960b43_JaffaCakes118
Size

344KB
MD5

66336debffb0289eba0686d889960b43
SHA1

a27c6a0e32638426184e6f1fcdf28afa8b58fe58
SHA256

342b461875c7bf5039e56884b1e1e74ae8ed9d4d2555d175583d41a7de3436f5
SHA512

9eb28640390d1cd8a6fdd6bcdc4c5a51addd3f6f423749749d0cf3e0d11ab7c45aa661f7d1ae79b2e90b963e9a2b86798b60b1570caa2c549b35254b9be0c9de
SSDEEP

6144:aFxE9U9DCVWLU90iii4azV5uRW8Ng5kDpJ7J6PD8EfLM+vaqDkndpbxkN:aqU9mYqDz/uY/hgndpbxkN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66336debffb0289eba0686d889960b43_JaffaCakes118

Files

66336debffb0289eba0686d889960b43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9f544e558731907efd89d1e721e5e41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetThreadContext
LoadResource
LockResource
OutputDebugStringA
ResumeThread
RtlZeroMemory
SetThreadContext
SizeofResource
VirtualAllocEx
WriteProcessMemory
lstrlenA

ntdll

ZwUnmapViewOfSection

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ