74edc10648f6d65e90cd859120eaa31b_JaffaCakes118 | Triage

Sharing

General

Target

74edc10648f6d65e90cd859120eaa31b_JaffaCakes118
Size

265KB
MD5

74edc10648f6d65e90cd859120eaa31b
SHA1

94fcc8ed7e57443d2347228d4dacc575e7358de2
SHA256

f68e046d6484ef3f34eb41474b4b9acdb47cd86e7dd0dfd3ca497aa7b62e8459
SHA512

eb7935d1edba77dcad5362ca1ac32accf448c1d81efb626ae8ee72e2088ce2d98f0435d3cad1e0e1c79322557923fc12bc3989c1598a69789ff91b97cab623ca
SSDEEP

6144:XzHSa8d59z/JFZULFokZD/2KkFxpYonwNjTHeiZlXukRO1RW:LSa8d5NJFZQ9eFFogsTHeglXukR3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack006/spoolsy.exe

Files

74edc10648f6d65e90cd859120eaa31b_JaffaCakes118
.gz
sample
.tar
rands.tar
.tar
rand123.zip
.zip
AAA.gz
.gz
AAA
rand987.zip
.zip
spoolsy.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE