0ad5860c9f56a9919ce1d81faba861dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ad5860c9f56a9919ce1d81faba861dd_JaffaCakes118
Size

799KB
MD5

0ad5860c9f56a9919ce1d81faba861dd
SHA1

36b5c7096d03c2d5a4a12f7f3453003af4ccff8c
SHA256

c85f2d6247dac23c442903888eb6d25c75e5db66e643541e2eb3a3939d315c88
SHA512

20a1757312a179d683af375b7ab2f5055dc4c0d5719582ed8fd85fce181536d0697ea3eb0e28c1144b37315af5e09d4240ff416a68abf2c576e0655830a702db
SSDEEP

12288:W2DFx6gFAu6AIHPwFGxyZ3WTB3veY5MUSDzoLfRyNeIed:WStAu6HILZ343veYKUS/olyNPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1 vs 100 Ret.exe

Files

0ad5860c9f56a9919ce1d81faba861dd_JaffaCakes118
.zip
1 vs 100 Ret.exe
.exe windows:5 windows x86 arch:x86

fa9aba929f437fffc73dd8957d81081e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc

Sections

Size: 255KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tbhaucbc
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iwwltnye
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE