45b660631c3b9ca48c1cdc2569760b16_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45b660631c3b9ca48c1cdc2569760b16_JaffaCakes118
Size

66KB
MD5

45b660631c3b9ca48c1cdc2569760b16
SHA1

8b884a681ef0975f09bcc54424c7f941eb917868
SHA256

0eb43edd63b3ac18432a16224a85da69cd6d006d16d50e5d446559520b96ce86
SHA512

f5492d798cca04bffd477bbd9345794a6b3c7a42df08855bb2d7bbe09a337acde63c9725ff2243e3ead743aae43e49e915017d6b0179558c1fe363592a316b56
SSDEEP

1536:STxlFCH5hLIUdIxZWe9L8CQr5H0PJ4Cie3fjgUh9wU:SbFCHvM1xo154J4Cie3Rh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45b660631c3b9ca48c1cdc2569760b16_JaffaCakes118

Files

45b660631c3b9ca48c1cdc2569760b16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a798933258171132c6f7a89933a27bf1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA

Sections

.data
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE