3f879b4f652cc373faf23f95d32e29c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f879b4f652cc373faf23f95d32e29c9_JaffaCakes118
Size

460KB
MD5

3f879b4f652cc373faf23f95d32e29c9
SHA1

196a03c03c3ecaba9a93337494e87190d2c55a8f
SHA256

0547b069ed020c6be02bf0a9aa33fd1eedd1a121fc02392a7122751b11f878bc
SHA512

2ac903a4ba16de50a74425b1bca31973127742d3c4c7a97a51615cf2f6346ad69a4133c65d4ff200fe68745d27099df4c4f15cf616aa70522addc3a91f3b59e8
SSDEEP

6144:GlQX6osZckf9li6mkKLTpScJc2uiAPgDhCDLvyMuU0RlaWFmcaWb2pUzA5iCXyNd:G2X5e/ligKJHJKIt+vyZU9dczjw8n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f879b4f652cc373faf23f95d32e29c9_JaffaCakes118

Files

3f879b4f652cc373faf23f95d32e29c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c97582bd5875b4592249553ed8e4de7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
WideCharToMultiByte
GetSystemTimeAsFileTime
TerminateProcess
ExitProcess
LocalFree
MultiByteToWideChar
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
LocalAlloc

advapi32

GetSecurityDescriptorControl
IsValidSecurityDescriptor
GetSecurityDescriptorLength
MakeSelfRelativeSD

user32

LoadStringA
LoadStringW
GetSystemMetrics
MessageBoxA

ntdll

NtAllocateVirtualMemory
NtLoadKey

rpcrt4

RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree
I_RpcExceptionFilter
RpcStringBindingComposeW
NdrClientCall2

msvcrt

wcscspn
_vsnprintf
strchr
_initterm
wcschr
_except_handler3
free
strcspn
_adjust_fdiv
_mbschr
wcslen
malloc

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ