06e589b4e3ab93c6b16389dd79549a7a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06e589b4e3ab93c6b16389dd79549a7a_JaffaCakes118
Size

28KB
MD5

06e589b4e3ab93c6b16389dd79549a7a
SHA1

8a6f61a6d174129fd22cf4ad5888810846e522f9
SHA256

f04bc2fb2f94e24c06700fcc121214985f62bec66a51a46ce63abccae7c23ed9
SHA512

d76f347504ca945eacd871cb61ca385028ef150a9470bbaf097a1a60d7744d51b3915e94cef24adfde5f5343666be443a338bfc71a3782aad97f22591d605ca9
SSDEEP

768:4bvo3FqdjrJVcjTT4Z/RhhhAjk5a8lyi2prGopeSXdFTe0l:yo3L4RRhgAI8z2prvvdFq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06e589b4e3ab93c6b16389dd79549a7a_JaffaCakes118

Files

06e589b4e3ab93c6b16389dd79549a7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d47edb824d9eff15c05a49bbf57504e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
KiFastSystemCall
KiFastSystemCallRet
KiIntSystemCall

Sections

.tlss
Size: 21KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NewIT
Size: 512B - Virtual size: 328B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE