30f05c65c63f8fde846bc72fef683fe3_JaffaCakes118 | Triage

Sharing

General

Target

30f05c65c63f8fde846bc72fef683fe3_JaffaCakes118
Size

31.2MB
MD5

30f05c65c63f8fde846bc72fef683fe3
SHA1

d7c28e9df43aa8a756161bfc38f9f787d4978d61
SHA256

6a5b6ecf39ee7cf9def9e2ec65c456166944bd55f0f37616115f01fb343cc153
SHA512

8a43df91af187fed73ba6f59d5ef857e576629d761bacce78b760997f82f66d5a3a89a3fc628e261b921a9239ad13b3320fe0311e8fe2180c320334315200272
SSDEEP

786432:2XDl2Owjj/Y18GJiAITvoWNFjpDRMJ9WxMrQvO7w7:2XAOwj2QAIDoYFjpyJ9nKO07

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f05c65c63f8fde846bc72fef683fe3_JaffaCakes118

Files

30f05c65c63f8fde846bc72fef683fe3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

132233b25aefe1292a48a224f8df5caa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
ReleaseMutex
GetModuleHandleA
GetProcAddress

Exports

Exports

?Jajsas11208910212@@YGHPAXPAD@Z
?Jas17891201270178212@@YGXPAXPAD@Z
?Koooaoo@@YGXPAXPAD@Z

Sections

1312
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.1231
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RSRC
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.41212
Size: 512B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ