4dbb9096cf82adb93560168c02b2d2ac_JaffaCakes118 | Triage

Sharing

General

Target

4dbb9096cf82adb93560168c02b2d2ac_JaffaCakes118
Size

390KB
MD5

4dbb9096cf82adb93560168c02b2d2ac
SHA1

00be5346666c9af211b4515bea5a81c33a326ab8
SHA256

e9089021bc7c25b3acb32b83adb70bd383be43ea514049b0d3e1af872c60456f
SHA512

1a9ea2af0ce9c08f509c3f8ba9e6a4134a0af1c0c396080005c365f452af43500f331d3dc949ac2d65714fc32c65cc1ae9486f5aaf1e4041c473b0959c3912d2
SSDEEP

12288:7i0sy8iF4U/128qdVn1lbKUpaYIbuGOsi80Ehq:7iTbiKU/EDTbZpcmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dbb9096cf82adb93560168c02b2d2ac_JaffaCakes118

Files

4dbb9096cf82adb93560168c02b2d2ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9db892a4da6df68bedb65e0a15f4d93f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
CreateFileMappingW
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
LockResource
FindResourceW
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
OutputDebugStringA
RtlFillMemory
GetConsoleTitleA
InterlockedExchange
RtlUnwind
GetCalendarInfoW
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
EnumSystemLocalesW
IsValidLocale
AddAtomA
FindNextChangeNotification
ExitProcess
GetTickCount

advapi32

CryptGetKeyParam
CryptSetKeyParam
CreateServiceW
RegEnumValueW
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA
CryptEnumProvidersA

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ