d44c6ea879a01bbdead7ee1a64958789_JaffaCakes118 | Triage

Sharing

General

Target

d44c6ea879a01bbdead7ee1a64958789_JaffaCakes118
Size

1.2MB
MD5

d44c6ea879a01bbdead7ee1a64958789
SHA1

92e427e7630b71ea7555b572c0ced3a749d2e9db
SHA256

ca0790743f5fbd746397df6c8e3f483671d1bda69b3e76e373b0a7481c858359
SHA512

071a6966ddeebd2014c98a331a2d01764a8e80b7c07ef0f2b27a7944f073f9ad8e34178d3d4cc2c7840c831bc86f339158d12f1c0ee8a8191956625f70a3b6fd
SSDEEP

24576:SluHDo18g7t8a/I2LXy8tuV/3RhiBVllANM/V+1IR:SluHS8ELjt8pNMfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d44c6ea879a01bbdead7ee1a64958789_JaffaCakes118

Files

d44c6ea879a01bbdead7ee1a64958789_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e35e768f44d4d1daa0680c06fa409fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetVersionExA
HeapAlloc
HeapFree
IsDebuggerPresent
TerminateProcess
lstrcmpiA

user32

MessageBoxA

Sections

Size: 116KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rwvxjqwg
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

judjybob
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE