3661893a0973bf8a14c670ba642df357_JaffaCakes118 | Triage

Sharing

General

Target

3661893a0973bf8a14c670ba642df357_JaffaCakes118
Size

83KB
MD5

3661893a0973bf8a14c670ba642df357
SHA1

b99dacbd12d696339339201efc11da9a79ae5949
SHA256

e18bc911dbe0c10f8e8ae1e7df0bd0a0e50e4068e8293ab6bc94de82cfd2f27c
SHA512

9eb915afd9f59b178fb87bf670d4858481b9d87562353d245e7cb27d79a9589823fcb8e9304a34c5b2198043bd58089d90ea20859c1f91c124ce551ebd870294
SSDEEP

1536:842Oz4HVETFoFUuBw/r5EXHtv0znILg1PLQgDCZqERayc7l:8iz+VETLh1+HhqxuqEQycx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3661893a0973bf8a14c670ba642df357_JaffaCakes118

Files

3661893a0973bf8a14c670ba642df357_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9430c73239867a07d6b35e227854f314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlCopyLuidAndAttributesArray
RtlDeleteAce
RtlAddAuditAccessObjectAce
ZwImpersonateClientOfPort
RtlAreAnyAccessesGranted
RtlUnicodeStringToAnsiSize
NtQueryFullAttributesFile
ZwQuerySecurityObject
_wtoi
RtlAcquirePebLock
ZwCreateMailslotFile
ZwSetSystemEnvironmentValue
ZwResumeThread
ZwOpenDirectoryObject
RtlQueryProcessBackTraceInformation
NtResetWriteWatch

Exports

Exports

Bhjtjka
Sjtmgys
Brbxomw
AddXtsnxmrg

Sections

.nk90
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 75KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ