6f9906db0e6dcd8e763c6daf6e4efe23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f9906db0e6dcd8e763c6daf6e4efe23_JaffaCakes118
Size

29KB
MD5

6f9906db0e6dcd8e763c6daf6e4efe23
SHA1

c00844cf077719be656a8505fafc4c61c7ef9d25
SHA256

7e65416c0ac0142be04c35ad89426f9ee22704eaaf5ef7a43dc066675421e547
SHA512

34872b218e68eff426b10a06795febc66ff20ba2dec8a8b9301403decb1681b97dece675e035cc9156eaa4f0b4b1b68675fa4a66da2c38381a1ebd1acd7a6505
SSDEEP

384:a30y1QBzaq2IPXcPCwVn6zHtNGIWba0B8UFcX6bGafw1:KJQxXXanVnwGNbhOs9K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9906db0e6dcd8e763c6daf6e4efe23_JaffaCakes118

Files

6f9906db0e6dcd8e763c6daf6e4efe23_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff927df9041610851956a3da8805d6dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress

advapi32

AreAllAccessesGranted
AddUsersToEncryptedFile

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ