b015b8821d635a55206799473c28b121_JaffaCakes118 | Triage

Sharing

General

Target

b015b8821d635a55206799473c28b121_JaffaCakes118
Size

332KB
MD5

b015b8821d635a55206799473c28b121
SHA1

d622a2dd7873fb4ad0b0fdb30add295ff6d0a7fe
SHA256

8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d
SHA512

6a3f3edb297e839609248081c03dbc458fcac4ad4b91f2ed6fbc43d1ea0fbd410fce9d78cf9db734d4c5d666e1b5227a862223f0cd749bda78a94dca069b4dfe
SSDEEP

6144:xB1n2nSpUKW3Rv4xlS4kUfFm22DK+UrxPKrugGDfh:xBOSp7W3RAxlSly9StD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b015b8821d635a55206799473c28b121_JaffaCakes118

Files

b015b8821d635a55206799473c28b121_JaffaCakes118
.exe windows:4 windows x86 arch:x86

104ee8790badbcc5ea285f6abe0721a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

QueueUserAPC
LoadLibraryW
SetEvent
GetCurrentThread
CreateEventW

user32

RemovePropW

clusapi

GetClusterResourceKey

msvcrt

memcpy

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

para
Size: 4KB - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 702B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ