V\/VVVVXXXXQ33#$!SSS.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e89f80d91dc3bc0e6df1133d993e0921_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target
e89f80d91dc3bc0e6df1133d993e0921_JaffaCakes118
Size
111KB
MD5
e89f80d91dc3bc0e6df1133d993e0921
SHA1
0fa6bbcb7501d3e77673ed812655968c27b1b4d2
SHA256
2d6da1ee3dd683a450b88e9b0ff4884373ed0a94c005e8950c1d2e8c8312d1e6
SHA512
7d9f8cbf1b61cd66d5d246312c6e05f857290ebba3246faf31b2f3a79c8ad407515e243dbcd995b627a796b6ad9a578775ce0ef84b470d4366d3fd5c3cc4f637
SSDEEP
3072:M34+t0OtbkB68SMMvX6aVQ1VBLdR7RAlc0:v+Z8SMMvX6aVQldKc0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e89f80d91dc3bc0e6df1133d993e0921_JaffaCakes118
Files
e89f80d91dc3bc0e6df1133d993e0921_JaffaCakes118.exe windows:5 windows x86 arch:x86
46f04c9eae293cc193cfd6b3e21a79b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM
IMAGE_FILE_BYTES_REVERSED_HI
PDB Paths
Imports
version
VerInstallFileA
kernel32
FlsFree
GetModuleFileNameA
GetBinaryTypeA
msi
ord30
wininet
GopherOpenFileA
Sections
jThXa Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tPf Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CODE Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ