b6bb2ab1c875eea25d52e6226901233e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6bb2ab1c875eea25d52e6226901233e_JaffaCakes118
Size

164KB
MD5

b6bb2ab1c875eea25d52e6226901233e
SHA1

176cddaf6468ddbc471ff70509d17664d8deee90
SHA256

0bdc1002f5ce61002c5fa68f73bb085693d98c3f1666637573a39f1e5c425d5e
SHA512

41ffb59d8f34b266dcb1d5445b92afa12ccaed23a420cebb07be793819fc73ff668446a9b8c5f50897ad987d3a35ebf3a6d197fb5dc6f4e36d2f362ee3bb6394
SSDEEP

3072:PGzjkYN6vSzYJqGr9o4nOnq6t9be2DslWBsrJOnkP7wHezi4kUMRze:4ivSqnOnq6t42NsrMnskHuN7MRz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6bb2ab1c875eea25d52e6226901233e_JaffaCakes118

Files

b6bb2ab1c875eea25d52e6226901233e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcd81398dc4991f2840c355c1d92baa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

gewnKIh[
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yuYw0l;N
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

HBCEPh_?
Size: - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

=*M1Vo_-
Size: - Virtual size: 612B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

+f?,-0ct
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

4y95<Kg]
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

(hiP)KCY
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ