27f5e3c48891bc78571db2f316a1a6af_JaffaCakes118 | Triage

Sharing

General

Target

27f5e3c48891bc78571db2f316a1a6af_JaffaCakes118
Size

92KB
MD5

27f5e3c48891bc78571db2f316a1a6af
SHA1

588cb0261f5fa7b4db5bc2208068d33b28bc797b
SHA256

1510d761ce31b0c9c089b91d8bd94475fc64f888a75d7c96534dba5825dccc6c
SHA512

017a8362c0184b4a1ab306030a77a7152ac2984bb790293aab88f1cbc9a9f705db4643fa8b83d2fca5bd6c50bdc954c4bb66ec0534828260a4c22498037e7396
SSDEEP

1536:B9Brt6Yxe6/kSDmptM1mmkaJhbdsfpGKbO0ctzS5KM/4Y6DZm:BzsW18omTMtkaJ7s0KsMIDZm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f5e3c48891bc78571db2f316a1a6af_JaffaCakes118

Files

27f5e3c48891bc78571db2f316a1a6af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c50d7a06ad176534dca29654d918c2c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
Toolhelp32ReadProcessMemory
GetStdHandle
GetConsoleFontSize
WriteFileEx
FreeUserPhysicalPages
ConvertThreadToFiber
GetTimeFormatA
SetConsoleScreenBufferSize
GetDiskFreeSpaceExA
SetTermsrvAppInstallMode
ProcessIdToSessionId
GetCommandLineA
GetStartupInfoA
ExitProcess
_lopen
lstrlen
SetConsoleCursorMode
GlobalAddAtomA
SetTermsrvAppInstallMode
RegisterConsoleVDM
GetConsoleAliasExesLengthA
MapViewOfFile
GetNumberFormatA
GetTapePosition
HeapCompact
ConvertDefaultLocale
GetCurrentProcessId

Sections

WEIJUNLI
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ