891c34e6f50d770dc81ee5e17d49e6ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

891c34e6f50d770dc81ee5e17d49e6ba_JaffaCakes118
Size

639KB
MD5

891c34e6f50d770dc81ee5e17d49e6ba
SHA1

ab0753bffbe0dd83ac7a68dbe65957e06e73185a
SHA256

941a7531e148820b5f610fe236f5359de0731c597e21bab3a58858f3143ee7cc
SHA512

442f29ceb1368d98fad6fd09e24223eaca808056c2b466c55d3591327729fdc0b0c4bdccd2392eb18cc49a125f03323963deca5130df55446726e88700df7227
SSDEEP

12288:dlqEbnDZMqvMPakosZvrD5YtrLCZEMY3WLdsJkSwrxbCY4fnLwu:dlqCnNMGkVfzkrLOE+LdsmSw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
891c34e6f50d770dc81ee5e17d49e6ba_JaffaCakes118

Files

891c34e6f50d770dc81ee5e17d49e6ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8526b0f477583b2f8a7d93a03819a10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDeriveKey
CPCreateHash
CPEncrypt
CPDecrypt
CPGenKey

kernel32

Sleep
GetConsoleTitleW
IsBadStringPtrW
GetModuleHandleA
FindResourceA
CreateProcessW
GetTickCount
lstrcpynW
SearchPathW
GetLongPathNameA
OpenEventW
CreateFileW
CreateProcessW
SetSystemTime
GetProcAddress
UnmapViewOfFile
AllocConsole
GetCurrentThread
HeapAlloc

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hml
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ