0b2e855f0fd97a45b6681f19f972ab7d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b2e855f0fd97a45b6681f19f972ab7d_JaffaCakes118
Size

307KB
MD5

0b2e855f0fd97a45b6681f19f972ab7d
SHA1

c01af2b37c96f102736dc9f9e068b993e14b0c32
SHA256

bb50ddff873f4ca1290ece9a8666e98554e2b6cecf2096b05cc31e653cf18093
SHA512

ecbdfd282ce624b57658feee80673554be0462cd777375ea545cba8a8071047600c8ffe38cb1a0ca3fd1763f0afa6c397f706584fbe847474f1a7459ed56be63
SSDEEP

6144:YAHYTRT+pXbwWub/o37JjU15poIhRpfd8uXwISi5qfFLi1Tn6dtS:OlalbwLmopouRUuQFmx6dtS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b2e855f0fd97a45b6681f19f972ab7d_JaffaCakes118

Files

0b2e855f0fd97a45b6681f19f972ab7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da2f0b8e04eb5544a91c8e6655cdff59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

netapi32

Netbios

shell32

ShellExecuteA

Sections

CODE
Size: 300KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE