8704835b941ff1bd98c69e48c491f800_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8704835b941ff1bd98c69e48c491f800_JaffaCakes118
Size

307KB
MD5

8704835b941ff1bd98c69e48c491f800
SHA1

385aaff3f6f480c97777bb00f86458f4ae0719a2
SHA256

c6298aea0b7315dfffb16af9be33b603239c54c5f680685adc3b4c8c89c2c14e
SHA512

50d46dc17f930090b21649fa5f056c638d745788eab78796ff526291eba4964b7ac93bf41257c3584f52d0b278c62869200402400b35b7f298f105f8a6fc4893
SSDEEP

6144:YRbGFGgrehpZ6Ll+rrAtT/ltsAqX+sH7MyO52inEIscQlZ05:CbHHul+rEtT4X5H7M+uG725

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8704835b941ff1bd98c69e48c491f800_JaffaCakes118

Files

8704835b941ff1bd98c69e48c491f800_JaffaCakes118
.exe windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Sections

.data
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ