21fb17ce2b72e04403f259538007ebc9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21fb17ce2b72e04403f259538007ebc9_JaffaCakes118
Size

284KB
MD5

21fb17ce2b72e04403f259538007ebc9
SHA1

2b70426a5eac81e7a0bdd526ace1d34f60efd760
SHA256

15d21ecc12c8eb1949be139545cba2375e57093f825428de46f074d604452af1
SHA512

83a3e783c91d3c77294c702d328d8c577745e6ebf7dedbae18ad3c5ee0f35dcc590f6f86d595d8634d114177d6ee4e60f7b59412df0a9142ceed7e5aa67eace2
SSDEEP

6144:ZmSxX6j7Boe8XhfO0RTMCsV8rS/nMrOQh/tNL1c6BVlF:ISwj7QfO0RTMCsV8ONQ5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21fb17ce2b72e04403f259538007ebc9_JaffaCakes118

Files

21fb17ce2b72e04403f259538007ebc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d23bd388af428fbabd7c5404be79ddef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
memcmp

kernel32

ResetEvent
DeviceIoControl
FreeLibrary
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
LoadLibraryA
CreateFileA
GetEnvironmentVariableA
SetFilePointer
ReleaseMutex
IsValidLocale
IsValidCodePage
GlobalAlloc
GetStdHandle
GetProcessVersion
GetCurrentProcessId
GetMailslotInfo

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ