8404812b8d03ea5d85827647f59ab442_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8404812b8d03ea5d85827647f59ab442_JaffaCakes118
Size

253KB
MD5

8404812b8d03ea5d85827647f59ab442
SHA1

30349e0726ec31422932582eb79b14439b2784ca
SHA256

a13a256c5ced2f51f4d944c74b10905d7b7c6b1c0a5a1e6360a113d210f3dd28
SHA512

944859c30ba2a97e4c704081d46b9b6065d5198e723acef6b5a431fc6d41c72322ecf5e878b9778b8d50721b837832fba34fdaa8fe7d71c089b6ab865d578c5f
SSDEEP

3072:kpuTncZt92X+xTaZp1lCHd2A0MUOehCTZlI1bTLF7yVLZMQ8sL+lCW/C1oYIci+4:XchLcCIvZouXFGRZM1VeIcz0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8404812b8d03ea5d85827647f59ab442_JaffaCakes118

Files

8404812b8d03ea5d85827647f59ab442_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e0d62e16523ac3f83b7523965a608c54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
GetExitCodeProcess
CreateFileMappingA
CreateNamedPipeA
GetModuleHandleA
GetProcessVersion
GlobalAlloc

user32

SendMessageA

Sections

ZICvbcHC
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AFJPsjXe
Size: 4KB - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JBPJZwBd
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE