0c7e98a8262d1b9f5e26ad67fafc394c_JaffaCakes118 | Triage

Sharing

General

Target

0c7e98a8262d1b9f5e26ad67fafc394c_JaffaCakes118
Size

163KB
MD5

0c7e98a8262d1b9f5e26ad67fafc394c
SHA1

70fb5951c64799c01c58f76aaba70d754150ecd4
SHA256

87d333e1644edf2f4902a40c712ababb8e88a6176706f0b8c49282467b6fffdc
SHA512

5aac175e4c12ccb4990fb57c89c436e0ec4df2b9c38f7170523ea81b84d09cd06f63ddb7b15aae0185dbc3b7299d518dfbb9166c5e3fa45c4ee6f8703127a8eb
SSDEEP

3072:Urfcty22Fh8lP/91VvU7ew0tvyZqRn4V9fLdcjR51FJuG:Ifct2FATGLcvyZqiV9fCl5lX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c7e98a8262d1b9f5e26ad67fafc394c_JaffaCakes118

Files

0c7e98a8262d1b9f5e26ad67fafc394c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ce430db7ea417550d9172144c15a393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
GetDesktopWindow

kernel32

GetCurrentProcess
VirtualAlloc
RtlMoveMemory
OpenProcess
lstrcmpiA
VirtualFree
DeleteFileA
MulDiv

Sections

.text
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Ratynq B
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ