d6fa32371ec0d8523a934611cbbf9ca3_JaffaCakes118 | Triage

Sharing

General

Target

d6fa32371ec0d8523a934611cbbf9ca3_JaffaCakes118
Size

1.9MB
MD5

d6fa32371ec0d8523a934611cbbf9ca3
SHA1

8191c405f89102604ccefb243ce26c4baa2442de
SHA256

d9ee6f0f4d1d0548dccee0041aed40d2adc00661f3478e05f08f2148aa6fa213
SHA512

8a6780822ac5c6ce855e8f426d98d8ae4ee1533ea8e2d2a7ace9ebfb3b1f5d3a5932327eb5fe361bca1b446b52cd1803516d717ce69d20e80f5b64ab59c924c0
SSDEEP

49152:rF+dlDgHwuzGdZNwO7GiM59kYV7tQnXLMf0yd6GLJ/yQgYsWjrad:rF+3DgHRGdZzGi09dmhpk/jgY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6fa32371ec0d8523a934611cbbf9ca3_JaffaCakes118

Files

d6fa32371ec0d8523a934611cbbf9ca3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.delete
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ