f6401658b4837c1082d4989d29e8e319_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6401658b4837c1082d4989d29e8e319_JaffaCakes118
Size

34KB
MD5

f6401658b4837c1082d4989d29e8e319
SHA1

c3f375ee45789331940286d82d44dfb844153add
SHA256

ad236f15251f5084cb45d99a347c5d9bc5ad0d936436b20f43bd624718763623
SHA512

fa1aeaf15a9b280ef2847e47b3dd56c28ae72c13a0cbef5b739a7a8a08d4975e1ca7c19d183f549acdfd1c0f413f46e7a3342c705a1c0419a56bd4c1762fec29
SSDEEP

768:c10uTXXHQcD5pgZPZu8wbizRZYW5WZR6WKTxTpd2sS7w4n:chXHyZRjRR5SR1KTbgsSn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6401658b4837c1082d4989d29e8e319_JaffaCakes118

Files

f6401658b4837c1082d4989d29e8e319_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1738985ef3490ee0e357401a5c199c8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE