dc383a623c2b44fda712856b83416347_JaffaCakes118 | Triage

Sharing

General

Target

dc383a623c2b44fda712856b83416347_JaffaCakes118
Size

698KB
MD5

dc383a623c2b44fda712856b83416347
SHA1

473b6ef201c6222a7974a0f6df7e2f5926b422ca
SHA256

ee7dcd67b8bf2c17a7881d2ba417e49b2d4a31d22526b84b9c00b9a91726b6e1
SHA512

16763f3b9467952a46eedc4519dc768d6a123dd2a004e5a81bafe932dad421d064752b39ba4c6c5143d2c976f397144789206c6f79dc8eb1aff919a7f166b72d
SSDEEP

12288:v0q8pNTgL+JEuzluwHTiHaQ57UHfyxTUAhMQ:v0q6NkL+iuzlVuHaQ57U/UTUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc383a623c2b44fda712856b83416347_JaffaCakes118

Files

dc383a623c2b44fda712856b83416347_JaffaCakes118
.exe .ps1 windows:1 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.petite
Size: 7KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE