2da30de426fdf432aa23fdd638b186c8_JaffaCakes118 | Triage

Sharing

General

Target

2da30de426fdf432aa23fdd638b186c8_JaffaCakes118
Size

189KB
MD5

2da30de426fdf432aa23fdd638b186c8
SHA1

7a0cf43037cf3eabf8f0c85c1f7183e17ce540d9
SHA256

326b4c8725467804315f0eb6159323cda472961855934e569dd33ef5d4dc43cd
SHA512

41a1d74085e7f86df61fcd7b9ecd4caff99a32faa2acacd1080307fe7cc9aff44e4c0a14a9d9e2ab5f1184316ad41861ceec10997617559496c37bcebb46147b
SSDEEP

3072:rD81gz3tEOIAExXS9JvYx9d3UJYr/Gr5aHQExGoeixAVNW1xB3jYGG2O4OGgTvX:rR5EOeuEVSZfriaVkhTYGGX4iv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2da30de426fdf432aa23fdd638b186c8_JaffaCakes118

Files

2da30de426fdf432aa23fdd638b186c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56f8e2298112c58c18cd69a346190cdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwWriteVirtualMemory
RtlInitCodePageTable
RtlNumberOfSetBits
RtlUnicodeStringToInteger
NtSetInformationToken
_aullrem
KiRaiseUserExceptionDispatcher
NtPulseEvent
NtRequestPort
RtlpWaitForCriticalSection
LdrShutdownProcess
RtlSetCriticalSectionSpinCount
_wtol
RtlLargeIntegerDivide
NtPrivilegedServiceAuditAlarm
ZwNotifyChangeKey
ZwOpenProcess
RtlZeroHeap
RtlLengthSecurityDescriptor

Exports

Exports

Bufvfafggpn
Wljgrnuih

Sections

.ldata
Size: 4KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ