b5067abbe255875a504ee1a35f17b480_JaffaCakes118 | Triage

Sharing

General

Target

b5067abbe255875a504ee1a35f17b480_JaffaCakes118
Size

97KB
MD5

b5067abbe255875a504ee1a35f17b480
SHA1

983ec58f00cbbf9f20778e79b58466b2a8543060
SHA256

6e021d546ab9d22066374d7c883d60321fdcb099c06da1fc41aad66ad00617c6
SHA512

8fc0e157de0019b437ae44f6ab4c9fd1d3e6d379cea8dbc024a4b824f7b4ef27136c702d8695799b067cdabe3917db679665105ca242e4a26ee9f307ed57da17
SSDEEP

3072:uxXegqr9jqTfTPbtPb88GjlKHtFX+V3fWFUR1GyJdSXAfV:OD83K7AZCX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5067abbe255875a504ee1a35f17b480_JaffaCakes118

Files

b5067abbe255875a504ee1a35f17b480_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f13a1c7afa57cf2f5faf999d25447da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent

user32

SystemParametersInfoA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ