0322a9da64081c78f430a6299306da50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0322a9da64081c78f430a6299306da50_JaffaCakes118
Size

73KB
MD5

0322a9da64081c78f430a6299306da50
SHA1

5b65d8c1425240fa2971187c950a633deffee749
SHA256

109dc5cbcb9c00c8a24a34f5bf477c74d0fad42e7cbd489b8251d6d5bb57de17
SHA512

709b7d6209f4589d1cf30473217c826c5dc3550789a717b1f5a56dbac9b8244e9c98dcc671fea8cf6fbd5e5ede7b0eaf05e9c314c33b95d40fe6ae339eb4c824
SSDEEP

1536:8Wx4sfJk4Qh9KpnIA83k+j+Pc/S/5JGKT1Gegf9E:8W+R9gI5j+/BilO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0322a9da64081c78f430a6299306da50_JaffaCakes118

Files

0322a9da64081c78f430a6299306da50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0416fdd9adbde4884eca2148bd86837a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocateUserPhysicalPages
InterlockedIncrement
VerifyVersionInfoA
SetFirmwareEnvironmentVariableA
CreateFiberEx
GlobalUnWire
Module32NextW
PurgeComm
GetNumaHighestNodeNumber
LoadLibraryExW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 58KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE