72ff12d486c005bb6f5f4ff5e894201c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72ff12d486c005bb6f5f4ff5e894201c_JaffaCakes118
Size

477KB
MD5

72ff12d486c005bb6f5f4ff5e894201c
SHA1

df5279b1c7598bd626ad84b5a5bc2a8b2d197e09
SHA256

db6f93532bce101f6259e5c64dcbca83881ba895541d732fed6d09e583ca53b4
SHA512

e310cc348340efe9d411f2d3f991f9f11340d6041e30e80cde55fcc4445273f40ad16c8bc52e81f1a6b5cc8696ea788840fbd351208c72142b3094a06ea6b34a
SSDEEP

12288:smYrtFkzG8TamxF75WIVRQA9IUoijBb4SC:pYfYG8WyF9BQAjxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72ff12d486c005bb6f5f4ff5e894201c_JaffaCakes118

Files

72ff12d486c005bb6f5f4ff5e894201c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dc65f4371a0adf3ef43140348b21fdcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
LoadResource
SizeofResource
GetProcAddress
OpenMutexA
LockResource
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

msvcr90

_crt_debugger_hook
malloc
memset

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 694B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ