708757d0a9ec5d3e1d59a365a977df79_JaffaCakes118 | Triage

Sharing

General

Target

708757d0a9ec5d3e1d59a365a977df79_JaffaCakes118
Size

5.3MB
MD5

708757d0a9ec5d3e1d59a365a977df79
SHA1

26ca09f5e380edd06eeaba942ea2c973e67c1dd1
SHA256

91da0020a6c8ea419a556e643ae4504e96932a1b7ab3ee25d55c3fe6742a0717
SHA512

1d32ffb4e8bcd157c3e3d0f1d39b38c83d0e59fcb78470ddc90eb19a463a275effbb9c1ec8f2d53661d9e95fbd57efccbb95ccf74ec355d0d39d9c4f658fe969
SSDEEP

49152:bHeTlP2+MMzF0UaK1Nl5YN4gZCCQCM0Cla1PrIHsKPe8FLfM9tvnq1ucKMr0+b7t:bmNMA0o7YZQCM0nkHDLXZbbdIiOxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
708757d0a9ec5d3e1d59a365a977df79_JaffaCakes118

Files

708757d0a9ec5d3e1d59a365a977df79_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE