e7aa2e8db50feb7fefed4cc7e4bf3857_JaffaCakes118 | Triage

Sharing

General

Target

e7aa2e8db50feb7fefed4cc7e4bf3857_JaffaCakes118
Size

616KB
MD5

e7aa2e8db50feb7fefed4cc7e4bf3857
SHA1

b487ec0d299893de79d5af0d01d68373448eb2ee
SHA256

abe80b9c5f49e09d144924bac4b0749c4baff115b03fdd92714b73dfb9a5b8ca
SHA512

98ae9fc26108b13aa9dfc434cbc09a7745143eb92e2c4286265502ddfe50949921627310c0fc8e573f3e8f784a9df6a3652f69997a75bb4ae22879a093c8b1aa
SSDEEP

12288:ku6fLjX3IcDTDlw4SsYOxIxwd0sKDvubuQdQOnDRavTsIvREP:kBjX3IiDl3SitqYkOnDuAIvREP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7aa2e8db50feb7fefed4cc7e4bf3857_JaffaCakes118

Files

e7aa2e8db50feb7fefed4cc7e4bf3857_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snaker
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE