63281cc3dce5f06c4f322de7ac3b0b64_JaffaCakes118 | Triage

Sharing

General

Target

63281cc3dce5f06c4f322de7ac3b0b64_JaffaCakes118
Size

91KB
MD5

63281cc3dce5f06c4f322de7ac3b0b64
SHA1

9f0b65509c47ae842091f5665b667a968863b694
SHA256

3a9811d23666f1ffefcfa9bb0cefcb02e8bbe2287f8c2168241b9d3df4074cf5
SHA512

b6d4b94cb670c39b2e2f35554b636bc7184bd4ad28fcd8b0cf74eb0c70a803e3b42a502c2d33113668989fde96162fcecfeeea45e388019fb93c279cb5c04ea6
SSDEEP

1536:8AuviZdXlGK+JYj8PIJ8jDI/klDiT2vwIbHL1qCyHiSvWN0uSurbL3:lnVf+Kj84mMcMTLE1kC9muR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63281cc3dce5f06c4f322de7ac3b0b64_JaffaCakes118

Files

63281cc3dce5f06c4f322de7ac3b0b64_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3b4de68ab1a4b8068ddc5f80ddbbf940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetInformationObject
swprintf
ZwClose
ZwOpenFile
RtlImageNtHeader
RtlStringFromGUID
RtlDosPathNameToNtPathName_U
LdrFindEntryForAddress
ZwQueryInformationProcess
RtlRandom
ZwAllocateLocallyUniqueId
RtlFreeUnicodeString
wcscpy
ZwQueryValueKey
ZwOpenKey
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
wcscat
memcpy
memset

kernel32

LocalAlloc
ExitProcess
CreateProcessW
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
LocalFree

advapi32

MD5Update
MD5Final
MD5Init

cabinet

ord20
ord22
ord23

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ