016f770d6ecc986c80789a504553d26c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

016f770d6ecc986c80789a504553d26c_JaffaCakes118
Size

1.1MB
MD5

016f770d6ecc986c80789a504553d26c
SHA1

1876024d391ed714f663060ad2a1ab08e02d20bd
SHA256

fc4c0fe6c6b7f53dd4625838c2f718c6b9545f6eed2cb5fffe414525ebc00f41
SHA512

61857bff512be38915cdb25f7775948795db71dd02cd625cf05079a8a942358d8a76c2f9963fbb18e3a9f2be622cc07800e5b4936cb8c8484f8cf89b4da836e2
SSDEEP

24576:IFBYCoIBIeREl1lPLh47lXh51BiFVBBcjOTVnNoP4C:aZtB9RElHy51BiFVBBQSVNRC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
016f770d6ecc986c80789a504553d26c_JaffaCakes118

Files

016f770d6ecc986c80789a504553d26c_JaffaCakes118
.exe windows:0 windows x86 arch:x86

3a21b3a40f9fad1b271b203575235971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_vsnwprintf_s_l

ntoskrnl.exe

EmProviderRegister

Sections

drws0
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FdUmk0
Size: 4KB - Virtual size: 64B

UYp[8s
Size: 4KB - Virtual size: 64B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

drws0a1i
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.k.LX4
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE