05b6979869b6bb6efac1edf0fa1104cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05b6979869b6bb6efac1edf0fa1104cb_JaffaCakes118
Size

164KB
MD5

05b6979869b6bb6efac1edf0fa1104cb
SHA1

cbbd9e588ed1c3940a39649e3f6dd81055d283cd
SHA256

ea60ad084b069b15fae5c958b8b254dfdc56552139edc35a11589851bbc3cbe1
SHA512

4fa19af47ebd714f340a53e61f9d097f9950a5d21c13f4d7a33bc956c18d7d3b8b457826fbc056cbaf648d0fc42563dcbaa4989eed01431186eb6830bf321d3a
SSDEEP

3072:2Y+OazvRQWDTxZE1OCNtq5Yau0RKybyGgkC32gyzPzwPe7owkDgQ:2AazvR5D9aOd5Jp1kDgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05b6979869b6bb6efac1edf0fa1104cb_JaffaCakes118

Files

05b6979869b6bb6efac1edf0fa1104cb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\RickohUmbosomwotsawnwhapwaskitin\lioegiejogowkbadusmyerFoulzaariafig\curMuskrobpurfeeaiaemoFoulzaariafig.pdb

Exports

Exports

HideDateTimeOld@8
DecrementRectOriginal@8
CrtModuleOriginal@4
ProviderNew@16
KillVersionW@16

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psikif
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ