16c3e513cdc516fe0b2fa89badcee449_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16c3e513cdc516fe0b2fa89badcee449_JaffaCakes118
Size

989KB
MD5

16c3e513cdc516fe0b2fa89badcee449
SHA1

021746338a07dc7cb3c92b76987e522de84b34da
SHA256

519394d236ac97bcc6974b285fd77d5bd3274f6dd72b3d3f4a9e66938337bf72
SHA512

be01d145c4c88fd36003346288f7cf60b4b88ade71396d74153e000db42c9a4a10fce3823fb37fc51dffb61b4ecde504d1c48888ef91b49809077b11beb9c159
SSDEEP

24576:vvAFZgChQRhZMNUK5k7J5lXJn4hdCf3gL9rr51rNDsOrv:HA1h4MoDVqCf6Bdtn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c3e513cdc516fe0b2fa89badcee449_JaffaCakes118

Files

16c3e513cdc516fe0b2fa89badcee449_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8ae1e5a7111f7ed0180966366d92c23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

OleTranslateColor
VarI1FromI4

kernel32

ExitProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
InterlockedIncrement
MultiByteToWideChar
TerminateProcess

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.version
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ