5a4469c17e9d0af7c694452697dfd4d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a4469c17e9d0af7c694452697dfd4d8_JaffaCakes118
Size

265KB
MD5

5a4469c17e9d0af7c694452697dfd4d8
SHA1

a5f15ba6047a188c4afcddb82d2fb2fcc951b9b2
SHA256

55987f451ecd332198cfc8b615d494a6aeca5cad2bac6e20c2d77fbbeac5aa0d
SHA512

de642c16b0573b545d8bf52bad6635815046ea240238e203243d509e708d572db8bfcb7e629b767d16713f110db3abf81a785789f346829023f7f1f6650a7d31
SSDEEP

6144:qS4prIEY6UW1uFJAvQobgsjz45oM4XM/BazWhc4WIiuo:qS4iEYu1uFJAYobtjz4aFaUqtWIil

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a4469c17e9d0af7c694452697dfd4d8_JaffaCakes118

Files

5a4469c17e9d0af7c694452697dfd4d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2bb9b2953daf8039a55aaceeb17dc644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
ZwOpenEvent
NtSetSystemInformation
RtlCompareMemory

msvcrt

wcstombs
_beginthreadex
ungetc
_lock

advapi32

EnableTrace

rpcrt4

RpcBindingSetOption

kernel32

DeleteTimerQueueTimer
UnhandledExceptionFilter
Sleep
InterlockedDecrement
SetEnvironmentVariableW
ChangeTimerQueueTimer
GetFileSizeEx
PostQueuedCompletionStatus
HeapAlloc
GetSystemTimeAsFileTime
UnmapViewOfFile
FormatMessageW
GetTickCount
VirtualAlloc
ReleaseSemaphore
TryEnterCriticalSection
SetPriorityClass
TlsSetValue
WideCharToMultiByte
MapViewOfFile

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ