92d8779bcf7fb2d3534b77494c382185_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

92d8779bcf7fb2d3534b77494c382185_JaffaCakes118
Size

676KB
MD5

92d8779bcf7fb2d3534b77494c382185
SHA1

dd0c8e026da454afb0f8162e2a37eff377e16c7d
SHA256

3e33f960e41f38589ee5c3d97a3b06e86954e62c4200a8e12cc62b8f5c8b9cab
SHA512

a31feb0d8e175fd721f3c39b89d7d374f8b545771fe7221ec1f9bd48134ec4601faad405ae7c17037daae54d41bc67d08d558c7fbb370db1d9a24513605867e9
SSDEEP

12288:b/lVo88nknDa++69Awnbb1/8G9BCwLx8e1uo5WfRbB1UasKt002:b9VoiDa+/9NnbuG9B6e1HWNUaHx2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92d8779bcf7fb2d3534b77494c382185_JaffaCakes118

Files

92d8779bcf7fb2d3534b77494c382185_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5320c32fa5b92d40af26784d8a06b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameW
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessA
OpenMutexW
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ