31e7604fb0bfc89571c1bf78d1e657e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31e7604fb0bfc89571c1bf78d1e657e6_JaffaCakes118
Size

4.1MB
MD5

31e7604fb0bfc89571c1bf78d1e657e6
SHA1

96ddaab90f3da3fb9daeacc61d49465f2fcfc2fd
SHA256

425d23b86f0ba678a8c2dec0f4baf18ab144d6e96a49013fb785654c8ffc347a
SHA512

ff56cff6b01c395e34d5ce06e343306bf23ca41b5888d4634c505690a38c3ee094ac4e8304cd5b800aca1fa63451f65553a63f421992266b1f600a2271305aaf
SSDEEP

98304:ZPaAzn7c03hoaoKPO0pmTi1t3YYio+8WUIhJBVOeE19:Baw7aaDPoG1fOTVOeEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31e7604fb0bfc89571c1bf78d1e657e6_JaffaCakes118

Files

31e7604fb0bfc89571c1bf78d1e657e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb60580c831d0fcfefaccd3e2ac9b432

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 2.9MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dlezqyrm
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kaltonsw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mspsnvmt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE