ffed5c0f0c06aaf07cdbd3f02eb9476c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffed5c0f0c06aaf07cdbd3f02eb9476c_JaffaCakes118
Size

332KB
MD5

ffed5c0f0c06aaf07cdbd3f02eb9476c
SHA1

b2c710b1f9210e070ddc71cc3b30bb2717c88fb1
SHA256

30be1c1fe73b1d9c647fb4b708d8011f2c58a6d926b15ebd67e836bd62045dea
SHA512

75002463c8be3df7fd6d734bce11d7a65da4ed33e04be7e4fb04a5f08f91fe135ee0429bc970aed254fa2fc641869d7d426266f6c7004e9d18443d0c89360d14
SSDEEP

6144:PU5VzR6nhxvIqgAZJuZZPI/8QhbnX/FNoD32oikGTYyE4MqGO:PU5VN6n3adQBnX/FKQkGYyE4MT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffed5c0f0c06aaf07cdbd3f02eb9476c_JaffaCakes118

Files

ffed5c0f0c06aaf07cdbd3f02eb9476c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7bd6b41235794a1d65c8b3a58c1549f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bhgy7uvhu8uiuvbn.pdb

Imports

user32

DefDlgProcA
CallWindowProcW

kernel32

GetLogicalDriveStringsW
CreateProcessW

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

nqpf
Size: 4KB - Virtual size: 393B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

knut
Size: 4KB - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 787B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ