b69961bc641f377c7cd343ba0acb55f5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b69961bc641f377c7cd343ba0acb55f5_JaffaCakes118
Size

672KB
MD5

b69961bc641f377c7cd343ba0acb55f5
SHA1

3488df7a3f44c8b337b876e730a118ec959976b6
SHA256

80551a4a740869ab347b4175e5ce69f2733d8ef0936cf2ee07caa77907a7aa72
SHA512

a2e4ab37f60762e3197dbe3f8768a0fe718478941796f11e9482cdf8592db9f6dc570f90f14e67900ad38cba6ad9316bcf3c04c7bf575e5848d1e9793ee6417d
SSDEEP

12288:pzlx4HF04aNmCnhdPBSv2ZoEvzC5Q2RqJ45PpBHN9XTKlN+6Sl0o3K5qmnHR:pRx4PQPBSe/G3W49DrXel86SVaJH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69961bc641f377c7cd343ba0acb55f5_JaffaCakes118

Files

b69961bc641f377c7cd343ba0acb55f5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f612a85b383fc846fb2c4f939b907f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryExW
WriteConsoleW
GetShortPathNameW
CloseHandle
HeapReAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreA
LoadLibraryA
CreateThread
OpenMutexW
lstrcmpi
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.data
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ