Static task: static1
Behavioral task: behavioral1
Sample: f8947d478271e7e6b2f632f777748741_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: f8947d478271e7e6b2f632f777748741_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General
Target: f8947d478271e7e6b2f632f777748741_JaffaCakes118
Size: 92KB
MD5: f8947d478271e7e6b2f632f777748741
SHA1: fa57bc0eda57bed94933c3849afd6a1af060da61
SHA256: d48ad8d69ed397eca4c33947ab8de083e02a2aa10a0d8e6a8870679594e82fce
SHA512: 32e8889f2c10f897eedf936e440024ed6e5d0158d93ab864bb943fc9d8f1e3a8148969f9ef02bcdb1b227002cb384dc4840ca4e1a7bdf75e5e37b01f4d239a09
SSDEEP: 1536:2DTjszUdpJA2+uPq8Cu99ZPjq6UJeRmUX/cUu+d0ys2b+2xQzHnO4k:2DTjkQdLZztjMJomUX/c+d5PLQTn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f8947d478271e7e6b2f632f777748741_JaffaCakes118
Files
f8947d478271e7e6b2f632f777748741_JaffaCakes118.exe windows:4 windows x86 arch:x86
ca8dc1c0625aa28a86ff24828767fd72
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
ResumeThread
DuplicateHandle
GenerateConsoleCtrlEvent
LocalShrink
UnhandledExceptionFilter
GlobalCompact
PulseEvent
IsValidLanguageGroup
VDMOperationStarted
ExitProcess
EnumDateFormatsExA
SetConsoleKeyShortcuts
GetFileInformationByHandle
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
RtlZeroHeap
vsprintf
NtLockFile
strstr
NtReplaceKey
Sections
.edata Size: 4KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WEijunli Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ