acd160450ecb0f718fc127280a3384f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acd160450ecb0f718fc127280a3384f7_JaffaCakes118
Size

20KB
MD5

acd160450ecb0f718fc127280a3384f7
SHA1

2d03c3ed3b722eb2b2c74e42cc1658fd3e09e035
SHA256

47e4b3090fcfc2afb785be5c7986c11b551c9862916e6f91030f9e2075343726
SHA512

4b4687f0dcf5ac87314da8f65bbf09b88bf75729b04b219b4bb5422a44835a5485baa2d53e541698a68892bbb6a457aef867b60136939059c022b7344618ea7f
SSDEEP

384:vaFvCEbiBcKmoy8PM2FgvQaHqPiHo3A078oLCbUMRjjV:IxiBcEHSrxHlRF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acd160450ecb0f718fc127280a3384f7_JaffaCakes118

Files

acd160450ecb0f718fc127280a3384f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

155c6054739d9c4e59ff2e49e1670e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleNlsMode
TlsAlloc
SetConsoleNlsMode
TlsAlloc
DuplicateConsoleHandle
SetFileAttributesA
AllocateUserPhysicalPages
SetThreadAffinityMask
QueueUserAPC
GetProcessWorkingSetSize
IsBadHugeWritePtr
GetProcessShutdownParameters
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

itext
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ