898382f5a7af8fc5ab8cc71c822d9be4_JaffaCakes118 | Triage

Sharing

General

Target

898382f5a7af8fc5ab8cc71c822d9be4_JaffaCakes118
Size

42KB
MD5

898382f5a7af8fc5ab8cc71c822d9be4
SHA1

0e4252c3f2df0e9d03f4daf4ee3c73b3b74a5e86
SHA256

e9b06d0e378846da16f262ce57ffee820c8379a0d1c098b4cb68ac4f5f03ea62
SHA512

d8ebebf16095594c1b2b8b95582043f314d55ece1c1c8145dc6b5468d16476499479233be13cf2545e3d0c6e6635829c7d10155e86a3fd14f5d7fdc552f41495
SSDEEP

768:w743HZaZaANlNixx5HFUT35Yykt+qmegs/f2ew:wS4Zrl0jRFq1gf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
898382f5a7af8fc5ab8cc71c822d9be4_JaffaCakes118

Files

898382f5a7af8fc5ab8cc71c822d9be4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa77d18b40072a7e1dc36630aafffd27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualProtect

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.conf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nah
Size: 858B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

19G8POW4
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ