55960bc0c00c8c775421e28f05002f9c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55960bc0c00c8c775421e28f05002f9c_JaffaCakes118
Size

2.0MB
MD5

55960bc0c00c8c775421e28f05002f9c
SHA1

056a4e4b89e9e9943768cf2e86162be5825c635e
SHA256

d9e32ad7861aeaf57a9b50abddd1246210ed00a01eb7b27a7ef72c8dd3eb0150
SHA512

3bb745868e2ec828cdf2dfcc7a97f491a323308fad2c746c195e1b78aba11803e1bb108a861ef820a7cc78f391803eea82e75dae3c1faaab6f1bacce2a2419d0
SSDEEP

49152:J7WOsTBeJH6OdeqLosriDoh34kylje6+SV6wlPD42ax:YEsOr8Y0GVlilPD42

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55960bc0c00c8c775421e28f05002f9c_JaffaCakes118

Files

55960bc0c00c8c775421e28f05002f9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13fb4b8bee6889c032462121efde2327

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Working Copies\Bundles\Defense Center\Av\release\def_main.pdb

Imports

kernel32

lstrcmpi
GetStartupInfoW
TlsGetValue
GlobalReAlloc
lstrcatA
GetAtomNameW
GetDateFormatW
CreateProcessW
GetProcAddress
EndUpdateResourceW
GetModuleHandleW

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ