Static task: static1
Behavioral task: behavioral1
Sample: ed36f47f0cc0f9ffbde99a9838e1c9f7_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: ed36f47f0cc0f9ffbde99a9838e1c9f7_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: ed36f47f0cc0f9ffbde99a9838e1c9f7_JaffaCakes118
Size: 1.4MB
MD5: ed36f47f0cc0f9ffbde99a9838e1c9f7
SHA1: 888492e0dfed730e6fbca5415ee177e932bc7044
SHA256: 09cf16db224aaa028736ce0eaa003711eeb51db031ce8377402047cfb44c19ce
SHA512: 8151fc7f0ba047cbb4c20a6600aaac97141c728ce47b31c9454fa602f9d08ccc9527e143f95fde09379a49e7e8758d8e37eb52b2e1f3bf5906730bc5f06e6230
SSDEEP: 24576:MniI05XMYJ9BzITeX+AIWPM0WY3vfKWy3:60NftzI2+uXV33KWI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ed36f47f0cc0f9ffbde99a9838e1c9f7_JaffaCakes118
Files
ed36f47f0cc0f9ffbde99a9838e1c9f7_JaffaCakes118.exe windows:4 windows x86 arch:x86
be6b1582f7a00e6b04ae90588eaf1091
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ProcessIdToSessionId
WritePrivateProfileSectionA
GetShortPathNameA
GetSystemInfo
SetComputerNameA
GetEnvironmentVariableA
OpenSemaphoreA
GetVolumePathNamesForVolumeNameA
FindFirstVolumeA
VirtualAlloc
BeginUpdateResourceA
GetComputerNameExA
GetTempPathA
VerifyVersionInfoA
SetConsoleMode
lstrcpyA
GetConsoleInputWaitHandle
EnumSystemLocalesA
ExitProcess
GlobalGetAtomNameA
GetDllDirectoryA
LoadResource
GetCurrentThread
GetSystemDirectoryA
d3d9
Direct3DCreate9
advapi32
CredFree
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 816KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 379KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ