8810a8a56e7cf791b794332f7dbc17b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8810a8a56e7cf791b794332f7dbc17b4_JaffaCakes118
Size

22KB
MD5

8810a8a56e7cf791b794332f7dbc17b4
SHA1

957f85010f9895db572055eb78fabdbb376d04f4
SHA256

e08c6e8edd449ecb68c09892a91fcaa04d7001bc23da8ca7c4afacff6d175053
SHA512

b58506fd83cabf50c995e04e43c71cc2657f3f6e841cf9783139e7365fe7880048d84e9f8f816bda8b455b6a9e78079595131c447f247f56bfd89e24bd96a7c4
SSDEEP

384:ssnZ/veCsWS4mW5/Rbqb2BW/v4T9CEIpoK1zQYwvwandwQAtfANy+:TZ/veCFh/pBqChIp5GYAdwxfAk+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8810a8a56e7cf791b794332f7dbc17b4_JaffaCakes118

Files

8810a8a56e7cf791b794332f7dbc17b4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e58ea9bd16a5776b3480857c844a26b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAddAccessAllowedObjectAce
RtlAdjustPrivilege
NtAllocateVirtualMemory
NtQueryDirectoryFile

rtutils

TraceDumpExA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE