549e8741892ffd6bce9247c798d280b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

549e8741892ffd6bce9247c798d280b2_JaffaCakes118
Size

111KB
MD5

549e8741892ffd6bce9247c798d280b2
SHA1

6365a5c650214fd04fc79111f366cf360a9c8b94
SHA256

c984a93262dda822f19670cf159baf1b797c71cd1b967191d8253bdbd8fe0f1e
SHA512

e612c34e2be9637adc8d20d65a94d4246449e56a2592991919986ce06a78c7300e0d330dc6439156150ceab20bbbea18a954120909f10aa26272dcd6091062d6
SSDEEP

1536:ffE37Yf/JEaCy2yI5DkfBU3qzhIgN0XJVl+iHu5Z5LbmXiu7e7/Bg5M7B:ffELA6aBSDkuRl5PRALLov7eTBSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
549e8741892ffd6bce9247c798d280b2_JaffaCakes118

Files

549e8741892ffd6bce9247c798d280b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36e8df4802658ed39d283dcfa613b7c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
GetModuleHandleW
Sleep
ExitProcess

winmm

timeSetEvent

comctl32

InitCommonControls

Sections

.text
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ