Static task: static1
Behavioral task: behavioral1
Sample: 99ec638cc7e1875bde711d80971b59d1_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 99ec638cc7e1875bde711d80971b59d1_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 99ec638cc7e1875bde711d80971b59d1_JaffaCakes118
Size: 47KB
MD5: 99ec638cc7e1875bde711d80971b59d1
SHA1: a6906761f21508eb4058c34edafc2baf6ebeae97
SHA256: 7d629eb4332192975b0a3df1377641d6c802d53411773180155d494f20bf64cc
SHA512: 8db5eef8b50aacfa82876ad30f4a3f64280e3d20b5955ead6f6f894c7e145c04fe5bc432893164c01780cd920ed2782a9b799d4f9e62d8791a1f92f0c758d3d6
SSDEEP: 768:2A/Z14OUPV76Ze/AnsPFiC0Xi/eTlHgJb5xBzK93f/lb94uZivbNAlHK2s/GZxEh:2CZ1u960IMiC0plAJbxzo/lbddl7Zmh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 99ec638cc7e1875bde711d80971b59d1_JaffaCakes118
Files
99ec638cc7e1875bde711d80971b59d1_JaffaCakes118.exe windows:4 windows x86 arch:x86
3c8dd3dbba4903b722352c1ef6d81c06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetLastError
GetTickCount
VirtualProtect
VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryA
lstrlenW
lstrlenA
HeapAlloc
HeapFree
WaitForSingleObject
CloseHandle
CreateEventA
ntdll
memcpy
memset
RtlUnwind
NtQueryVirtualMemory
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 34KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ