482932063e35962a010c75ff3cb8a39c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

482932063e35962a010c75ff3cb8a39c_JaffaCakes118
Size

143KB
MD5

482932063e35962a010c75ff3cb8a39c
SHA1

c27664ed3e5d5e9e112d7e7794d584c0ac306fdd
SHA256

0f688bf504f22fd91fa9582ee77a02ce4042634b4ba5ea39390fd48b38f8d8ba
SHA512

f715227f3426c7c2bf25907941cc144c33f8f0f7afcdeb5d569242703d193c69c7095b63307186935f454a64d58b8c3739b9d3f53700726e290de8b77b3bdb40
SSDEEP

3072:Bvf/SToR6XFX5lk5VsY3/6NvVLDtE9cIV:ZfKTxh58VsYv+NntErV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
482932063e35962a010c75ff3cb8a39c_JaffaCakes118

Files

482932063e35962a010c75ff3cb8a39c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3709f4e67da84c824f5a84036b744c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection
NtQueryInformationProcess
ZwCreateThread
memcpy
memset
RtlUnwind

kernel32

SizeofResource
WriteProcessMemory
GetModuleFileNameA
LockResource
VirtualAllocEx
FindResourceA
SetThreadContext
LoadResource
GetCurrentThread
VirtualFree
VirtualAlloc
ReadProcessMemory
CreateProcessA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ