b41943bf0259491b3e3d13a90f1c89c9_JaffaCakes118 | Triage

Sharing

General

Target

b41943bf0259491b3e3d13a90f1c89c9_JaffaCakes118
Size

417KB
MD5

b41943bf0259491b3e3d13a90f1c89c9
SHA1

ec0216991a586676c41d20c9ab17503cbe8b10c5
SHA256

d1ec8085f56a3e6eaab8dc173592d4f8f4284ee8417365711131c76df2e29f23
SHA512

92a7afa21aeb9b1c8750055845d6303acc96a6f7e7ae21a3afd228782dc8245042ac4f24beabb5b4fdbf7c4550c68ae2ea46f218fcff9b57f49128acc04e77b8
SSDEEP

6144:LSG4lgj5zoZEAkg4BdkbpmnJoEF9ydSUSIQShAsxi5UYsC5cH1YcGGSlMll4:LXtnLkbpEKEF9ydtSPS9zCK34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b41943bf0259491b3e3d13a90f1c89c9_JaffaCakes118

Files

b41943bf0259491b3e3d13a90f1c89c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46db2b78f75df7b5a0866c866734ec97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FindResourceA
FreeResource
GetModuleFileNameW
LoadResource
OutputDebugStringA
RtlMoveMemory
SizeofResource
VirtualAllocEx

user32

wsprintfA

shlwapi

StrToIntA

Sections

.text
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE