68447b207e0afcb8b91c6b9554e36a17_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68447b207e0afcb8b91c6b9554e36a17_JaffaCakes118
Size

480KB
MD5

68447b207e0afcb8b91c6b9554e36a17
SHA1

132b2639808e9368960fe48c207c5b0dda3cf4c5
SHA256

cebb35b1de2928699c1a3a8a579c2136f250cdc5a2cf0e007fb933831c39e523
SHA512

22365029ce6a96eef58ce89b5e84c7589d95df86dfae87c01a18a03fbb8118b4318a01d8734acc871c300f886b6f18f8046a9dfb4bd96719c19c7d4c3baeff07
SSDEEP

12288:bbQOqWdT9CbhrN/mXn1g5XVsbkmvOSE1HJSO:b8Oq/hrZs1WVsbkAOH1HJS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68447b207e0afcb8b91c6b9554e36a17_JaffaCakes118

Files

68447b207e0afcb8b91c6b9554e36a17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c01b312b88319d22d101fe350f5225b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUnloadingWOW

ntdll

ZwMakePermanentObject

user32

GetIconInfo
GetForegroundWindow
GetShellWindow

advapi32

DecryptFileA

Sections

.text
Size: 477KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE