26cafbaf2c8209eab273d629d1fe6b22_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26cafbaf2c8209eab273d629d1fe6b22_JaffaCakes118
Size

143KB
MD5

26cafbaf2c8209eab273d629d1fe6b22
SHA1

7ac3cf5226aa2a183b28349bd2c3a21de7d2c088
SHA256

0d74e00131cd18fa4276a4d00981fc8cf5faad112863b67edfadbd28f53d10d2
SHA512

88192a197e2ed5a5db3942ca298f04af879002966e12495fabead39fb2121ef166a84205f0eac5d42adcc0ac6f21c47b81d174d89d04253b841f6c7def601920
SSDEEP

3072:BvZViQryrOsOqDweWFD6CuHuhRJeytdY6oubMBJcYn4f:ZZVyree+6DOhRJeUdYfHWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cafbaf2c8209eab273d629d1fe6b22_JaffaCakes118

Files

26cafbaf2c8209eab273d629d1fe6b22_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3709f4e67da84c824f5a84036b744c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection
NtQueryInformationProcess
ZwCreateThread
memcpy
memset
RtlUnwind

kernel32

SizeofResource
WriteProcessMemory
GetModuleFileNameA
LockResource
VirtualAllocEx
FindResourceA
SetThreadContext
LoadResource
GetCurrentThread
VirtualFree
VirtualAlloc
ReadProcessMemory
CreateProcessA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ