a646099eb0a581d8016e8642e88a66e9_JaffaCakes118 | Triage

Sharing

General

Target

a646099eb0a581d8016e8642e88a66e9_JaffaCakes118
Size

629KB
MD5

a646099eb0a581d8016e8642e88a66e9
SHA1

399e27f70008751779415d71ad2e4c090a4ee866
SHA256

a8ed3d0678ded44f84022697f1cf2c57f72b3954694a65248713cdfa522b1f60
SHA512

2021c4452ced3276905a5b63c6ceef1541992e84c9f032bb67916689cf093f9b5642bb0f6ea0cf96759279862650127fee9f6923756393b4e14417d477cebed0
SSDEEP

12288:INoZ85knDae+6fAq5bb1uhDwpxme1uoRWrRbz1UaCKtk0PN/i63H:INoDDae/f55bcPe1LWbUa5BPll3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/G.488720-09349321C2.com

Files

a646099eb0a581d8016e8642e88a66e9_JaffaCakes118
.zip
G.488720-09349321C2.com
.exe windows:5 windows x86 arch:x86

5320c32fa5b92d40af26784d8a06b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameW
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessA
OpenMutexW
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ