4b3981f9953d92f712d060d073d99e75_JaffaCakes118 | Triage

Sharing

General

Target

4b3981f9953d92f712d060d073d99e75_JaffaCakes118
Size

640KB
MD5

4b3981f9953d92f712d060d073d99e75
SHA1

0c6203212961b3ab98c652c4699ebd3d35b0a3e8
SHA256

684be5ac4c7bb6617f6c0f154123019163a1b96940c0dc389c869d3264de57a9
SHA512

5d8314fc58d687c23430e6f92509c5e1252e054a923febbf6f606b3265fa90397ae9ce41634c15dfe77e577926a41a26048125923fe9a8fc92355df6527c3d37
SSDEEP

12288:KZBArU1kiCfQqZTP+VGaXuwW6UEWXPx9hmt6J1Z0Q6uP8iVsb4dKX0:X0kiCxKM6U1PvIcGQ6O8iub4d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b3981f9953d92f712d060d073d99e75_JaffaCakes118

Files

4b3981f9953d92f712d060d073d99e75_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5c5ab23f0cf67b0a103b213b26ff2643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

onex

OneXFreeMemory
OneXCopyAuthParams
OneXInitialize
OneXAddTLV

rsaenh

CPDecrypt
CPEncrypt
CPGenKey
CPDeriveKey

kernel32

GetProcessHeap
CopyFileA
GetEnvironmentVariableW
MoveFileA
CreateSemaphoreW
OpenFileMappingA
LoadLibraryExW
VirtualProtect
FindResourceW
GetCommandLineW
OpenJobObjectW
GetSystemDirectoryA
lstrcpy
FindFirstFileW
GetModuleHandleA
HeapCreate
CreateFileA
FreeConsole

untfs

FormatEx
Chkdsk
Format
Extend

user32

LoadBitmapA
GetMessageW
GetClassLongA
PostMessageW
DialogBoxParamA
DrawStateA
GetPropA
PeekMessageW
LoadIconA
DispatchMessageW
InsertMenuW
IsCharLowerW
CreateDesktopW
GetDlgItemTextA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.str
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE