Static task: static1
Behavioral task: behavioral1
  Sample: be8b894463eb04d1177b525e473eda3e_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: be8b894463eb04d1177b525e473eda3e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: be8b894463eb04d1177b525e473eda3e_JaffaCakes118
Size: 202KB
MD5: be8b894463eb04d1177b525e473eda3e
SHA1: 671cd23bcfe709b945e3f379ccbcb413f6edaf13
SHA256: 3d00cba8bd5521ff4e929555ff7b4990631b281f898ec638a7257c7a45f21ffa
SHA512: 4c9debb2d9de84743e7094e5545b05933e44934d98ca30220a69c92e4b6325e8c7cbee7d329474e1b502a109a9b9427a5453065640be81828ee02389edba33fd
SSDEEP: 6144:oCC+XR2CWjwp7u8RWYOnzH0TWDczo/XRa:oL+IL8lKgccE/XR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be8b894463eb04d1177b525e473eda3e_JaffaCakes118
Files
be8b894463eb04d1177b525e473eda3e_JaffaCakes118.exe windows:5 windows x86 arch:x86
ed3785edd0135491f8a6751264fe9cc7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
HeapAlloc
GetConsoleCP
HeapCreate
VirtualProtect
CreateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
RtlUnwind
VirtualQuery
user32
DestroyWindow
GetThreadDesktop
LoadIconA
GetWindowDC
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 585KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ