b24293692a4e41b981e876a96e41bcf6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b24293692a4e41b981e876a96e41bcf6_JaffaCakes118
Size

629KB
MD5

b24293692a4e41b981e876a96e41bcf6
SHA1

b580de6088b149111ee0387231098e8ae4f4d736
SHA256

9f3fde6be7810bedcab4f671deacc6c67c3c06b736301d71a475319d7bb0c00a
SHA512

565417473c16e7757a95d89860820f6ee630e86027f612a00bf4c567837b41521f89880e0118910dfbf289859d2ca8a188c6400e377846c95a3f6ad3f94834c3
SSDEEP

12288:Mbr85knDae+6fAq5bb1uhDwpxme1uoRWrRbz1UaCKtk0PN/i63t:MpDae/f55bcPe1LWbUa5BPll3t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/S-87606625213734B6.com

Files

b24293692a4e41b981e876a96e41bcf6_JaffaCakes118
.zip
S-87606625213734B6.com
.exe windows:5 windows x86 arch:x86

5320c32fa5b92d40af26784d8a06b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameW
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessA
OpenMutexW
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ