3ceadc0d1932df0e251a5d4edb472969_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ceadc0d1932df0e251a5d4edb472969_JaffaCakes118
Size

164KB
MD5

3ceadc0d1932df0e251a5d4edb472969
SHA1

291bdd1a2de2770db4ae4a8f2e347edb66a1a20f
SHA256

07203daf222718c7f269bc49a710028e16b705ef8f2a30082945dabd4ea7873a
SHA512

50fd3d923cf660f78d9575a8b0f72fd5b38ff08979592c01aecc585d1b85edb75427cd3df71cfd51387e72cbee5e33466dbed55d4529c280b776983128126e3e
SSDEEP

3072:8tfIjNWH/6P1R4qOwEvIXgTeaVmpJ6G5RkgO7waOU/ipdN:8ZIBa/6PTOzAQTeaVC3/4wE4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ceadc0d1932df0e251a5d4edb472969_JaffaCakes118

Files

3ceadc0d1932df0e251a5d4edb472969_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6b28f93d550fb1ac649e6ed191ea3196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
OpenProcess
DeleteFileW
lstrlenW
GetCurrentProcess
VirtualAlloc
RtlMoveMemory
VirtualFree

user32

CharNextA
GetDesktopWindow

Sections

.text
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Pmudiq A
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ