Static task
static1
Behavioral task
behavioral1
Sample
f9b5e7162acf3c85408fe5040f6e7a4f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f9b5e7162acf3c85408fe5040f6e7a4f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
f9b5e7162acf3c85408fe5040f6e7a4f_JaffaCakes118
-
Size
180KB
-
MD5
f9b5e7162acf3c85408fe5040f6e7a4f
-
SHA1
4757db44a25ac1c9d8ecdf1d7c6917e5f546c996
-
SHA256
eb49fdce0409724b11743ed8b3127c5a3fd310b339a43343655a98c6a28d8882
-
SHA512
a243d7ae430b5dcb332f45c77715b152daf0c2d820327d00e89f00f72b39026b7e7f26ef71e464231147d834ffc30922086dd26c4281f73c00c8d6da6e963666
-
SSDEEP
3072:LBs17f0x2u3zV4ajaXrO3Ms1cK73vJ3SDQ7rP0YIC/zWKud8mGWI:Lqs2EzV54rKcK7ht7/PQO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
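Checks for missing Authenticode signature. The sample carries none, so its publisher and integrity cannot be verified from a signature; on its own this is a weak indicator, because many legitimate executables are also unsigned.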
resource f9b5e7162acf3c85408fe5040f6e7a4f_JaffaCakes118
Files
-
f9b5e7162acf3c85408fe5040f6e7a4f_JaffaCakes118.exe windows:4 windows x86 arch:x86
6f7bae63eebb0fb074f94659c7e654b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
GetModuleHandleA
FlushInstructionCache
VirtualProtect
GetTickCount
GetLastError
GetProcAddress
LoadLibraryA
Sleep
LocalAlloc
LocalFree
VirtualProtect
user32
wsprintfA
Sections
266GM_h9 Size: - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
:?ETSBuf Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bNeY! w- Size: - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
['8R@)kM Size: - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
>;wYy$4B Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE