17527c6f1c09f5dea87515386203a8fe_JaffaCakes118 | Triage

Sharing

General

Target

17527c6f1c09f5dea87515386203a8fe_JaffaCakes118
Size

73KB
MD5

17527c6f1c09f5dea87515386203a8fe
SHA1

47bfc1b64c673475244acd42b57a622409ca0ef1
SHA256

48583a61713a0407821b00ddde331b626cdde27c82e9f8591d78040d7b8f3291
SHA512

8aeb4b0a695157781681e4dc108d5cd2a80fda7c8bbc43e4a50e6ab0750ac05346357646e2a12d19922f83dcf46d693e5fef4bc29cffa1dd6bd7e5e1cd486fee
SSDEEP

1536:3flBlF4of3sjmaW/6Eh+5obO5L326Psz7xO93CUpFEVAd:NBlF4s3imV6E8iq3pP+xISUgVA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17527c6f1c09f5dea87515386203a8fe_JaffaCakes118

Files

17527c6f1c09f5dea87515386203a8fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5cdacd54cac00d8bb45364b73e599a75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
SetEvent
GetCurrentThread
LocalAlloc
InterlockedDecrement
InterlockedExchange
GetThreadLocale
ResetEvent
InterlockedIncrement
GetFileAttributesW
GetStdHandle
SetCurrentDirectoryW
GetCommandLineW
HeapReAlloc

msvcrt

_acmdln
__mb_cur_max
__p__commode
_pctype
realloc
__set_app_type
__getmainargs
_iob

ntdll

RtlUpcaseUnicodeString
NtCreateFile
RtlNormalizeProcessParams
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
NtSetEvent
RtlUnwind
NtSetInformationFile
RtlTimeToTimeFields

ulib

?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@FSN_FILTER@@QAEEXZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
??1OBJECT@@UAE@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE