209ee9e2b45f5110548887c48b1fadb5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

209ee9e2b45f5110548887c48b1fadb5_JaffaCakes118
Size

676KB
MD5

209ee9e2b45f5110548887c48b1fadb5
SHA1

984e416543622bfe187d9bfb72022756825e4f37
SHA256

3fbbe344bf565e12ca117b06062b720298ff5ef9ce477b836e4220623af3487b
SHA512

9c5793230e856235046cc0ab67b698216855fd17fc184236ad84a2fa8ea58e122b4a5c279ea8ee87ccf8e674eb5dd0353a8dc4d5f3fb672472b0c32c4a1722f9
SSDEEP

12288:ftV/3vgf+7+vQltM33Fy/lN2vNER4g4OCuNo4/NL5QCUYOI:fmPDQN2vNE+NluNLvb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
209ee9e2b45f5110548887c48b1fadb5_JaffaCakes118

Files

209ee9e2b45f5110548887c48b1fadb5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a4c59f8399a53bb5c57d011baca5b971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameA
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessW
OpenMutexA
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE