4477f5c4f0c116fe6dbf0f875db0c4d4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4477f5c4f0c116fe6dbf0f875db0c4d4_JaffaCakes118
Size

300KB
MD5

4477f5c4f0c116fe6dbf0f875db0c4d4
SHA1

6fc0ce2d18aaf767432c30c5081175d93b25ff65
SHA256

06789b2bcdcae11987a23606664afc192b1325fa1dd17c50a481bd9c547d8605
SHA512

77e18758a063d0882ff717891c091627815779874c793f3f79a7bb963f5c0b6b74396c5d3dea20a77b99f462dba066add966d0bea015e659badbe0d6f0fd9f5e
SSDEEP

1536:PvBTnDqO25Xubkl029V1hOJzIGO1pENjD8NnsG64dRH1mZ139ClgWHuH7N2GjOTs:PvBT+HlpV1hPGOANusu4XBjuux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4477f5c4f0c116fe6dbf0f875db0c4d4_JaffaCakes118

Files

4477f5c4f0c116fe6dbf0f875db0c4d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3709f4e67da84c824f5a84036b744c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection
NtQueryInformationProcess
ZwCreateThread
memcpy
memset
RtlUnwind

kernel32

SizeofResource
WriteProcessMemory
GetModuleFileNameA
LockResource
VirtualAllocEx
FindResourceA
SetThreadContext
LoadResource
GetCurrentThread
VirtualFree
VirtualAlloc
ReadProcessMemory
CreateProcessA

Sections

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ