7651893745520d3c11dbc2913f1e87e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7651893745520d3c11dbc2913f1e87e1_JaffaCakes118
Size

87KB
MD5

7651893745520d3c11dbc2913f1e87e1
SHA1

649ce5b9691af2d6db9c13c02a38b8dff4c52901
SHA256

9a5132608a6d185d89ed868da9ef223ba3458edfadfbbb291f093126b7129bf6
SHA512

72dd0f881b69d64a23dfeb0efce1551c90803e353a5ab03d30cd19760e9d5c2c9ba8027a59d3cc123be73cf9aa9eed0a955234c47a30ae77fc46ed757e1721f2
SSDEEP

1536:9n3nX3nX3nX3nX3ntAQdbavpEX9sVMw1VQWmET1O/rrYpHpjVrs2ryrd1vUQuqi9:9XnnnnqQdWpyuwB/rreHs2qYj27/yv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7651893745520d3c11dbc2913f1e87e1_JaffaCakes118

Files

7651893745520d3c11dbc2913f1e87e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7396d0a81ee216722361e298b3ba9715

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapQueryInformation
GetDiskFreeSpaceW
BaseProcessInitPostImport
PostQueuedCompletionStatus
ReadConsoleW
VirtualFree
FindActCtxSectionStringW
SetComputerNameW
ValidateLocale
FindAtomA
FindNextVolumeMountPointA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE