f3c10c80797c1d0866e1aabeaab33707_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3c10c80797c1d0866e1aabeaab33707_JaffaCakes118
Size

1.3MB
MD5

f3c10c80797c1d0866e1aabeaab33707
SHA1

497b96aa9d2fc64d3d5846fda0890e5807885e37
SHA256

1d6f568b3e0dad676c358d6e7cfd3eacef0b684c489283977bb098c8e1b792b0
SHA512

bbded2fe195557217c4cb28a18ae44603376d4c351518b4f7aa1f7e357275591718ccbb3a23516ec3555e6d6849f5cd46c7bf55c9845e77b7db16be6cc84bb57
SSDEEP

24576:a8IYZ/C5E8XOjPwU4Zgj6/2CvT0xXdPGuI2Ileqw3B7YyH3V0kT:aNe/Cy8e4Zgw2CvMdOuvgwxNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3c10c80797c1d0866e1aabeaab33707_JaffaCakes118

Files

f3c10c80797c1d0866e1aabeaab33707_JaffaCakes118
.exe windows:4 windows x86 arch:x86

358509b1ca75191dea7b05732e2be664

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

swprintf
RtlQueryInformationAcl
RtlLookupElementGenericTable
RtlClearBits
NtOpenKey
NtDelayExecution
_wcsupr
RtlValidSecurityDescriptor
_chkstk
RtlMultiByteToUnicodeN
RtlNumberOfSetBits
wcschr
RtlOemToUnicodeN
RtlUnwind
RtlSetBits
NtCreateFile
RtlSizeHeap
RtlCreateSecurityDescriptor

kernel32

GlobalLock
GetVersion
VirtualAlloc
GetCommandLineA
GlobalAlloc
LocalAlloc
CreateFileA
HeapReAlloc
CloseHandle
SetHandleCount
HeapCreate
lstrcpynW
SetEndOfFile
LeaveCriticalSection
MapViewOfFile
FreeLibrary

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ