882618d9ad3d663df359120ac614118c_JaffaCakes118 | Triage

Sharing

General

Target

882618d9ad3d663df359120ac614118c_JaffaCakes118
Size

63KB
MD5

882618d9ad3d663df359120ac614118c
SHA1

14e589f8220813d2ed002f01fe61c9c8a70f929a
SHA256

c14f8b07820da27858be0a80db87719e0f4374731c31fa0a69cdccd768553464
SHA512

f992d09e4b86bf40733dedf6b7a938fa5ec39d97265f3410fe0e76a2a26e88291a901af0c4eb602ee753147f4871d489ecff3f1a2173cc47227dda363592dab3
SSDEEP

1536:0Yz3qCYa0lIeOach64JnvKzyZHmJm0CAVnNqO6:QC8lTsh64qyEcAxUO6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
882618d9ad3d663df359120ac614118c_JaffaCakes118

Files

882618d9ad3d663df359120ac614118c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b43954e5853bd2f3ae3d91a890e4a73b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
LZRead
GetCurrentActCtx
GetConsoleAliasExesLengthA
GetCurrentProcess
QueryDosDeviceA
GetHandleContext
InterlockedCompareExchange
HeapSummary
Wow64EnableWow64FsRedirection
RemoveLocalAlternateComputerNameA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE