831a49615f22757d90569e9b38b3ad01_JaffaCakes118 | Triage

Sharing

General

Target

831a49615f22757d90569e9b38b3ad01_JaffaCakes118
Size

172KB
MD5

831a49615f22757d90569e9b38b3ad01
SHA1

7963bd271e9a51c32186ccf4bda5d88f1996fc15
SHA256

93aac998d6126f0aedfc2bc23cdbea28da70ee58226d0174d356cf6d91a4dfcb
SHA512

81f8f9e5bb7b9ba1f3cd8366cd660a51b41598a2d65f08276b20ee86a408597f7f47c1604803d8d20f2a7393acb154525b2df868d5c66e4380bf2810881308c0
SSDEEP

3072:1sJvTKhiU+dniu/4zN0PfoOVt9Tw18RIsjQCwEo7BBi:1plGikPAOV3Tw18RNkpP7BBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
831a49615f22757d90569e9b38b3ad01_JaffaCakes118

Files

831a49615f22757d90569e9b38b3ad01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcd81398dc4991f2840c355c1d92baa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

.6ZjA;W/
Size: - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Om0Ne>m<
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

!/uac%nd
Size: - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1hy)w"Fm
Size: - Virtual size: 620B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

"_I?B@Ol
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

s4"mQk&8
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

!f=NMVAR
Size: 4KB - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ