714789467854698ce4bb0b1bc9a7ac10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

714789467854698ce4bb0b1bc9a7ac10_JaffaCakes118
Size

56KB
MD5

714789467854698ce4bb0b1bc9a7ac10
SHA1

57a83a7b96cdd2fb3dc4c62ce04aabc26424d690
SHA256

9cebb999164a0f61e0c4677e878c74654a1e0a721a658c29c96d8bac43550df4
SHA512

f2b510091963d86786df00620b70e11a4088460827523392ced611b909481fd8e038d1ee626bcf53b4968ee787cda9042db813356887fc271284e56c7924bb4c
SSDEEP

1536:0FTI049IDD8fTJTnOYvAkkuWduLl7EAaopVdjdFHFi192i:0FTI049ID4fTpn0/e9EhMjvI9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
714789467854698ce4bb0b1bc9a7ac10_JaffaCakes118

Files

714789467854698ce4bb0b1bc9a7ac10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b4dd147581427b4f596f4c1215bc472

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
GetCPInfoExW
SwitchToThread
lstrcmpi
TrimVirtualBuffer
Process32First
BaseInitAppcompatCacheSupport
ReadFileScatter
GetComputerNameExA
GetFileTime
IsBadReadPtr
RtlMoveMemory

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE