f54db88f3c0580930cc1a8f93cc90d9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f54db88f3c0580930cc1a8f93cc90d9a_JaffaCakes118
Size

593KB
MD5

f54db88f3c0580930cc1a8f93cc90d9a
SHA1

e2538ffc52f7ef7d0b2f3dc4c1026a7cda9443aa
SHA256

be70a32685a551f343d5976cc23957db10ce81239a75e280ee5eba5d9f9b32ef
SHA512

22d2e40152d5c6ac5150af8210280e6ef07260776bf5424ceabb80aa2ef9c23013a7f2b69e11ef56d5673a1cf14b78fe6ffd9d977333ca2e4f90e3669e7089ee
SSDEEP

12288:4AhiZFG/ZqMCKwmARpXSFicklnCW4PE87psrAIxSxkPa9Ap5T9SS:jhyG/ZNqXSFiZlnOPj7qxsxkPa+BSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f54db88f3c0580930cc1a8f93cc90d9a_JaffaCakes118

Files

f54db88f3c0580930cc1a8f93cc90d9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fce7809a30096dee5d325be7178490ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
ExitProcess
FindResourceA
GetModuleFileNameA
GetThreadContext
GetTickCount
LoadResource
LockResource
ReadProcessMemory
ResumeThread
SetThreadContext
SizeofResource
Sleep
VirtualAlloc
VirtualAllocEx
VirtualFree
WriteProcessMemory

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ