12021999d8dd1993ea6c6c6f2924bf86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12021999d8dd1993ea6c6c6f2924bf86_JaffaCakes118
Size

111KB
MD5

12021999d8dd1993ea6c6c6f2924bf86
SHA1

030908c44845e255bc2fa8b05986eeda17cf33ff
SHA256

0e5cbe48d747af67b2441ea8fb9afab58994553149c9f4ea612f4eed21fe270a
SHA512

ff5d2640ff5e12874d591e337760abd884a2b5442eac53b863295c73bfac36fd3763cf88fffa699bcf7bba42d434bd8d9a204425f21a22898d8c25b3a80e29ce
SSDEEP

3072:dC3pKjQke3Hrh3/dh5fW26StUWxAnpg2k:kQQn3rTfW2AWxepg2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12021999d8dd1993ea6c6c6f2924bf86_JaffaCakes118

Files

12021999d8dd1993ea6c6c6f2924bf86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 106KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kge
Size: 434B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE