fab64df9b306855b12a5596447a7337c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fab64df9b306855b12a5596447a7337c_JaffaCakes118
Size

255KB
MD5

fab64df9b306855b12a5596447a7337c
SHA1

b5e0aa5db09dd88826511ca5a55f6cc7fed572ff
SHA256

3e805b088ff99924c207e3dccb082df0b831c796712be3a01cc6bb41d3419a2e
SHA512

b60cd7453ec79664ad85f179329c9f5b213e6664bb6c487ed2fd38a49100b15a5f358c36db2dc3b0dd3c4f5efd35eda7edda8d82d744d863709c3becffb4956a
SSDEEP

3072:wBOt7fFRRXiXLabkhtqLfpNTXGqO2Odtr0cYoO0XCfuv2vwkYNAz2KN+trhoxBFp:hRVibagk72Bb070SukYqzz+dhsYLul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab64df9b306855b12a5596447a7337c_JaffaCakes118

Files

fab64df9b306855b12a5596447a7337c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 221KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DDD
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE