9319e9bc6781656448d65aae67ceceb9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9319e9bc6781656448d65aae67ceceb9_JaffaCakes118
Size

3.4MB
MD5

9319e9bc6781656448d65aae67ceceb9
SHA1

41c6baec09e63d27b62e913204cf02ae52b6686a
SHA256

77e0d77e38f9a7eb6497f0987c7f99dcc31174d4c1352008fc3dab12661d2709
SHA512

7b13b63d59a7b35731b313ade6ad49d7e4aa7bcd9dcd070b4b961b8c1e44ee13297f171e16c12629f294f5dec90d7b1f87c3f809c924e3ef4e1cce2bc2299ec1
SSDEEP

49152:7m/x4fTdLgGa/0MpNxYBxdKt9sx75+1ZR4ObQ+BKDH7hZ:7mardbggx7Yhq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9319e9bc6781656448d65aae67ceceb9_JaffaCakes118

Files

9319e9bc6781656448d65aae67ceceb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b0aea11265f18f3d6126046e1a0dcd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

WSAGetOverlappedResult

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ntdll

NtWaitForSingleObject

kernel32

VirtualAlloc
VirtualFree
CreateIoCompletionPort
GetQueuedCompletionStatus
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateThread
CreateWaitableTimerA
DuplicateHandle
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcAddress
GetStdHandle
GetSystemInfo
GetThreadContext
LoadLibraryW
LoadLibraryA
ResumeThread
SetConsoleCtrlHandler
SetEvent
SetProcessPriorityBoost
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SuspendThread
WaitForSingleObject
WriteFile

winmm

timeBeginPeriod

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ