4c57de068f179891744ab70cca1a59b5_JaffaCakes118 | Triage

Sharing

General

Target

4c57de068f179891744ab70cca1a59b5_JaffaCakes118
Size

676KB
MD5

4c57de068f179891744ab70cca1a59b5
SHA1

b8c1e394dd37fd9898e2319aabc0c43cfa107152
SHA256

def7b8a0e74e5391479b3cb7e9ed8d2475b15db468a4ae619d12c9562fff8d4f
SHA512

bcd0f56d4d93da4ee4bac2fbbe9b918bf9af26ded737d03ae7aa3c908b656c2aade29dfa3e08c36dd8565fd41c519c05888fac35b3fe85a05b330e740960a2fc
SSDEEP

12288:iED8/eMp3q+AJlK3Hn8DcmSpOVcEn7e0OEst1/ibkcnX4Yx/:i5e3235mSpUc67D0cX4k/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c57de068f179891744ab70cca1a59b5_JaffaCakes118

Files

4c57de068f179891744ab70cca1a59b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ea57984633d404729d7b4c04a05551a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryExW
WriteConsoleA
GetShortPathNameW
CloseHandle
HeapReAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreA
LoadLibraryA
CreateThread
OpenMutexW
lstrcmpi
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ