2f94372c7a58a5f4d370cadcece9ed16_JaffaCakes118 | Triage

Sharing

General

Target

2f94372c7a58a5f4d370cadcece9ed16_JaffaCakes118
Size

52KB
MD5

2f94372c7a58a5f4d370cadcece9ed16
SHA1

77ca8e5e94f50244f3801757176a2adfd33512c7
SHA256

b0d5270e672f460628e99174b0aa88ef0427c6f00af89a0a2d121ccedf18964f
SHA512

086ee760cb9574ca02662de3e8b1cc424d9b821c30e9d68f7e61ea5c7079d48b0bb170e43892f096430ba5b407d20127ac1677fa54967a277fa4abb4842546dc
SSDEEP

768:wexPnrhmAfLpxr+tJrZnHN5M1P7ZPaRD7:wiEeLp0tJNntSj4Rf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f94372c7a58a5f4d370cadcece9ed16_JaffaCakes118

Files

2f94372c7a58a5f4d370cadcece9ed16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a4d1b6a60c6c5a7938ff618cb2c2377

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtQueryVirtualMemory
NtCreateTimer
NtWriteFileGather
RtlConsoleMultiByteToUnicodeN
ZwImpersonateAnonymousToken
NtAccessCheckAndAuditAlarm
NtSetTimer

Exports

Exports

BeginXqxivevycsu
CreateSbwpymrycjn

Sections

.text
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ