db0357e6ef87d1f519a97441141e211c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

Reason

config extraction: Emotet: pe: invalid address

General

Target

db0357e6ef87d1f519a97441141e211c_JaffaCakes118
Size

61KB
MD5

db0357e6ef87d1f519a97441141e211c
SHA1

3f60f5d1b04eece53cd39b7fad0b5f009aad01e6
SHA256

0613c93577bb169290ede9f75b77143475437ad76f28c8ebe09a639f5287c03c
SHA512

35e42b4cc55fe523c05fe271ad711ce238c78b7ccadf1729868e108445bc076b73940400fc8917f9fabe3cf620bb1456fea9361e1eb04602c594b6bc94775887
SSDEEP

1536:dcxC2fkEWYX/kH0XkYwDcWNMigRG5+K0mT9Fm+QvOY:2XkYX/klDcWNZgRi4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db0357e6ef87d1f519a97441141e211c_JaffaCakes118

Files

db0357e6ef87d1f519a97441141e211c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ