766544bee5b4950edf9f89046df89db0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

766544bee5b4950edf9f89046df89db0_JaffaCakes118
Size

639KB
MD5

766544bee5b4950edf9f89046df89db0
SHA1

470b53b5a5c7bc954402a1ecee1987fa43313f9c
SHA256

4f24f93309e8188b793ed1c1aab5c2db2566ef0b14e9b812fa51b0bb3542bca4
SHA512

d923a5a55230adf32cddddd873ac16c26028937b7fcd38dcc008e3f8213d4c917ade1a1a2b5f12aa6b5d3176cc0e7a9faea41c787b60dd76d912be18224d5ee2
SSDEEP

12288:d1+suZE+78LlhxTL+Z4gmx3JLu/FWOZio0GTBBeolklMP9Lq9dXWdIw7:+suA7NO1mKQA/fKolklMIGF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
766544bee5b4950edf9f89046df89db0_JaffaCakes118

Files

766544bee5b4950edf9f89046df89db0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02e04c9a8ff4d398d9ba044eb59173ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPGenKey

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerA
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ