1625e478f624ed9e32b9565735d91300_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1625e478f624ed9e32b9565735d91300_JaffaCakes118
Size

29KB
MD5

1625e478f624ed9e32b9565735d91300
SHA1

4ee5f2a68df88d1d6ccb0e9dd2f3b217bbefd904
SHA256

eb014abcc9cbc7b2f2b780938e002ddd364899c6e36e13dcd119eef7cf5740c5
SHA512

2b368b3573b9add5913eba7ebd4db02cf89fa9d204283bf8be057b7e47cdd74a2f94376e21dfd3c500636334f36466d611a9e1c623c451e4ea083d84a129beb8
SSDEEP

384:obR2s0kEs8sfaFy6fsflGW38xW0BSBkoxeJJCOJHDWLPJR9DuQ8b//irZUDFP0b3:SAkEse46Efiw0BIkocJZkJRVuVIawbW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1625e478f624ed9e32b9565735d91300_JaffaCakes118

Files

1625e478f624ed9e32b9565735d91300_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2fc9fa6a0ff1bd61e659b33bdb761554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread

winspool.drv

OpenPrinterA

powrprof

GetActivePwrScheme

ntdll

memset

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bn
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE