141b0886b39f2c4ef6df058dd7d2ec32_JaffaCakes118 | Triage

Sharing

General

Target

141b0886b39f2c4ef6df058dd7d2ec32_JaffaCakes118
Size

15KB
MD5

141b0886b39f2c4ef6df058dd7d2ec32
SHA1

5bfc2b4f9f96fdb809e5bc00827582d22f54df05
SHA256

849cc237c342be3438ef75108a9a11a16baaec6638ec8fd06a32d567af22c422
SHA512

a4ddbbe9ea25d5669ef909c91c4aed455c510275727e13f04928c27d6785e536abe7f4d981ce9def5df7ac81c03ce846a10f89d6ef0ce3595dbc550d43651604
SSDEEP

384:dmUTOS58PzZ/JQoWuCxhxSPQ2vtLrwdaDedA:krS5cRVCxhxct3bj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SAMPLES/PBRUSH.EX$

Files

141b0886b39f2c4ef6df058dd7d2ec32_JaffaCakes118
.zip
FILE_ID.DIZ
SAMPLES/PBRUSH.EX$
.exe windows:4 windows x86 arch:x86

8462b60f6dff3170e8e893be76732af3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRC/CONSTS.INC
SRC/INFECT.INC
.vbs
SRC/KILLAVXD.INC
SRC/MACROS.INC
SRC/MAKE.BAT
SRC/MZ.INC
SRC/PE.INC
SRC/R0IO.INC
SRC/RING0.INC
SRC/UNCALL.INC
SRC/Z0MBIE8.ASM
Z0MBIE8.TXT