402793aac2be3b392b51d81dc771ddc1_JaffaCakes118 | Triage

Sharing

General

Target

402793aac2be3b392b51d81dc771ddc1_JaffaCakes118
Size

76KB
MD5

402793aac2be3b392b51d81dc771ddc1
SHA1

b7827337fdb7c9c1dcbe703fbf210b839d93ffbf
SHA256

4ac541242cfaf4c3ca1726316de700ee204fddf655595f4f2b3dd27cc37492f2
SHA512

d8f49600d6341a356281921c1d2e0d51aaa601312ba74002feea626772691ea5b472c817c82417e187089047af90d0f2240fa2363834c2a469d2f5d868a589f6
SSDEEP

1536:qK+cDklMWHtKMD7LcbRh5K8pznXrOAqWjEErxTWDTMqhGKYIZTET8x:dDkTTD+VFnbOnWjBkMqhGKZTbx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
402793aac2be3b392b51d81dc771ddc1_JaffaCakes118

Files

402793aac2be3b392b51d81dc771ddc1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

509269897b7dfc298f9a307a0b95e0da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessPriorityBoost
WriteProfileSectionA
ReadFileScatter
GetThreadPriorityBoost
GetThreadSelectorEntry
lstrcpyW
GlobalAddAtomA
LZRead
GetFileType
InterlockedExchangeAdd
SetSystemPowerState

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE