b16c3c0961374e1c39aa488134afceb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b16c3c0961374e1c39aa488134afceb4_JaffaCakes118
Size

93KB
MD5

b16c3c0961374e1c39aa488134afceb4
SHA1

443c7eca41bdc05e39194e906d5c13906ad0dfd9
SHA256

81ce3e595995be860b89970f577fb83374136fd6659c50d6c398244ef42c4212
SHA512

e5e8df8e580130bf6097746b083c546afe98e4bb1cff7dcf70f6eb1552f0597f295a33574c7594f056fd3ae23075c28aa48954c82f1b0af2b82b02c40d06d95e
SSDEEP

1536:d8Xd/WzhI7wxVbZdZmcFrMY+WQ3bhZT7HQR8nX9Wb/KOA40CsNdyukfPW:yXBOVJ963URIN6/pnsNYFfP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b16c3c0961374e1c39aa488134afceb4_JaffaCakes118

Files

b16c3c0961374e1c39aa488134afceb4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2eca5ef929f7e78c0ca5d352279bc53c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
TlsGetValue
LoadLibraryA
InterlockedCompareExchange
ResetEvent
ExitProcess
MulDiv
GetProcAddress

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ