cee6595f8b248fe7baf85af2ae2494c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cee6595f8b248fe7baf85af2ae2494c4_JaffaCakes118
Size

197KB
MD5

cee6595f8b248fe7baf85af2ae2494c4
SHA1

4ecc4478aad67f4834a29e7e5007884705cd88cc
SHA256

dbe82d82d41d1b4d5519b4faf5db35ad60ea33b81be50c44bcc2546ef19da012
SHA512

9f2d8e1cab3c2104cf1cee7fa9970f9859135bd7f13d4b1503fe3a61f9e34c25ab000a068e2108f6f8681a9b7fc725def4f7ed72aa5135bc7c84e59bc521fee1
SSDEEP

6144:9VnRpn48EpWS6iqPFkcrpB87kmAJsHOidH:9VPJEpuiqtx/GfOid

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cee6595f8b248fe7baf85af2ae2494c4_JaffaCakes118

Files

cee6595f8b248fe7baf85af2ae2494c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0ca8fb524d53a294a75f3adfde9e816

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE