Static task
static1
General
Target
5b9bba604e62fdfb5ff88b1f842ed955_JaffaCakes118
Size
716KB
MD5
5b9bba604e62fdfb5ff88b1f842ed955
SHA1
2416c6b0157b1e3a6414e99daf14938275520c3f
SHA256
e1299e49ed79b64d0eeea9d9e706320265eb2023cba99d0f5e2b9f8b71d68386
SHA512
9a09da077110730d0e07495277cb6caeb5cb9f2d77dad882dd952bab3f9e5cd4c23339f15eb8b28b141197671eb91412553725f941ba9661b9d4cefb4ae8136a
SSDEEP
6144:PWuDiI4ptfj98tno8Xx91aKozJlA6U+5m4RCCbXWJpcsDztWZJzX8KI9Oim8yCP3:PWuD18JjqxoMHozJuPyXW93m8yCPFN
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 5b9bba604e62fdfb5ff88b1f842ed955_JaffaCakes118
Files
5b9bba604e62fdfb5ff88b1f842ed955_JaffaCakes118.sys windows:4 windows x86 arch:x86
5e4cb15aa3df8da982ed18ac40068dec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtCreateKey
NtOpenProcessToken
NtCreateFile
NtClose
NtAdjustPrivilegesToken
NtDeleteFile
NtWriteFile
RtlInitUnicodeString
NtSetSecurityObject
NtTerminateProcess
NtSetValueKey
NtQuerySecurityObject
NtReadFile
RtlQueryEnvironmentVariable_U
NtQueryInformationToken
RtlUnwind
wcscpy
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mdata Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ