Static task
static1
General
Target: 33d255770a7a75348a73e714ab3cfd95_JaffaCakes118
Size: 938KB
MD5: 33d255770a7a75348a73e714ab3cfd95
SHA1: ad999d1effa7552716423f675af6dea0ad236ad1
SHA256: da25b889f6e543e21ed151292e5904e5f64066fd94ee60365ee92f9c0eee6bf5
SHA512: 14df82a7c6b76310deececa13d8acdbc61028fee37a2d58d53f1bb1823804d91ddc1df3992bb9f4e57f448204eba0d6fee1b9887a0b4358a26c2984e4384b1e2
SSDEEP: 12288:qztxtmbnVpY9PCU6gUEHElN9+IVrnqTBrsFBnr/sojYq/nlFFVJtr:+tr2PY9sg7HET99rq9rUB7sSYo7h
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33d255770a7a75348a73e714ab3cfd95_JaffaCakes118
Files
33d255770a7a75348a73e714ab3cfd95_JaffaCakes118.sys windows:4 windows x86 arch:x86
567312207ff9c985e5edeb37ce5795fe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtCreateFile
wcscat
RtlQueryEnvironmentVariable_U
NtClose
NtDeleteFile
NtReadFile
NtSetValueKey
NtWriteFile
wcsrchr
RtlInitUnicodeString
NtCreateKey
NtTerminateProcess
wcscpy
RtlUnwind
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mdata Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ