3be97c5f1007e272f410bea840c07d27_JaffaCakes118 | Triage

Sharing

General

Target

3be97c5f1007e272f410bea840c07d27_JaffaCakes118
Size

87KB
MD5

3be97c5f1007e272f410bea840c07d27
SHA1

b64702430d22b1942b5157c469bff5c5c47aad3c
SHA256

b2c8ac5115aa4067f4380fbad65c09c02aa2b00759a5588d224c42a78e1d4557
SHA512

5ffa91b1473a233b925dfc2be023c67ba8cb5c357041cb758a97394c2b18fc443f5d304b405a7c8230b441300bbfb450385f684d5ce4228fc04f5c8b43238094
SSDEEP

1536:o2fVH/Ohwzm5zG315fp2w6vCZmc9F/YBcGKGokV5ZGD9q6a/C8UYlHM4LBITflO/:zHWhwzU25fEwOxVVEU6OKTfQ461

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be97c5f1007e272f410bea840c07d27_JaffaCakes118

Files

3be97c5f1007e272f410bea840c07d27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

330b6dafd02f3a09e43266df3d0f57f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapExtend
FindFirstChangeNotificationA
GetCommConfig
NlsResetProcessLocale
GetComPlusPackageInstallStatus
GetStringTypeExA
NumaVirtualQueryNode
Toolhelp32ReadProcessMemory
PrivMoveFileIdentityW
VDMOperationStarted

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE