96c5cd609e8d90d8159967c23b29e34a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96c5cd609e8d90d8159967c23b29e34a_JaffaCakes118
Size

184KB
MD5

96c5cd609e8d90d8159967c23b29e34a
SHA1

b2981b64a4c2b88874fbc38a05cbc2e1cfa0f55c
SHA256

606645bf6e0f32340df0025aff1717d90a02f399b07153a8feb1bf3eb42210e4
SHA512

bb3455c8f4e1ed8fdac0ebebeaf28cb082b4c05bbeef5125dd4ffe7fa4bc832723ddd6eff13d7220d00771e3781b916e11440f486ab466c65f8e3c8163c8cd1b
SSDEEP

3072:/SFzlSAL12ZKtuxMuz6Dg9lTqPRfkndnT+HKh9d9LsJ/+Kc0:/SFMAB4Jx3zv9gPIU29zLe+Z0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96c5cd609e8d90d8159967c23b29e34a_JaffaCakes118

Files

96c5cd609e8d90d8159967c23b29e34a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22aa25a9dbb99211db866b1a30897dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
ReadFile
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

R(@]$,Yy
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

)t.1A^U>
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

b<r@-(#`
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

i'q5mf$Y
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

gnJh?""h
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE