409964bf2dbbf735438b02fb1c4cd9cf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409964bf2dbbf735438b02fb1c4cd9cf_JaffaCakes118
Size

86KB
MD5

409964bf2dbbf735438b02fb1c4cd9cf
SHA1

f39166b9b72c0b7b02b067dc197f5e23dff036af
SHA256

b175f75b5926beef1d2f940be45b1396802b2b57f052fa698d23736ccbdef760
SHA512

901d8ca10f608b1a5151a6c07ea7b74116096015d045e84988f4f034490e654362fd6c58ccb2debf20ec74a69df32d7903e9695058b0f0f2209149c5452b2f4c
SSDEEP

1536:QQWYtem+IIglVDb7T+y02PEoNQVwj3lYf7Y4xpjVrs2ryrd1vUQuqgmsZcJAEKnf:QrUem+IIU/+yt+E3lYf79xHs2qzrW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409964bf2dbbf735438b02fb1c4cd9cf_JaffaCakes118

Files

409964bf2dbbf735438b02fb1c4cd9cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d825e694d6f3b6176605c5cc394b3d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
GetFileTime
ClearCommBreak
RemoveLocalAlternateComputerNameW
IsValidCodePage
SetSystemTime
_hread
LZCreateFileW
WriteConsoleInputA
RtlZeroMemory
lstrcpynA
SetComputerNameA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 29KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE