Static task: static1
Behavioral task: behavioral1
Sample: 851f7bba2c7d772e92b9ade789d85354_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 851f7bba2c7d772e92b9ade789d85354_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 851f7bba2c7d772e92b9ade789d85354_JaffaCakes118
Size: 167KB
MD5: 851f7bba2c7d772e92b9ade789d85354
SHA1: 9918bd0cca08d59f89937d471c39af4d154510cc
SHA256: 33b0a7e062ef7e109cbc5b460eab9665a56cd1a34d371a723f248fa5c0fd9b9f
SHA512: b76890d05a0a8a186b7f88d2f9f1b8d0ed369c54555e887ca1a0f7050116675592499c837a08573c4ea9237a2ca8a5183b165d3402c3d5d3b9344c8496cfeb5e
SSDEEP: 3072:ox7alukHFUMMnMMMMMX7I7Djgb9Ep4MAdyMx6HEWojzg6jOGyUiXr4l3+xAaSF4B:ox7aldmMMnMMMMMaiEp4MCGuOcarRJ5B
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 851f7bba2c7d772e92b9ade789d85354_JaffaCakes118
Files
851f7bba2c7d772e92b9ade789d85354_JaffaCakes118.exe windows:5 windows x86 arch:x86
c1b11aaa6ff6bdbabfbfd31931c8eb89
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
ntdll:
  RtlAddAccessAllowedObjectAce
  RtlAdjustPrivilege
  NtRequestPort
  NtAllocateVirtualMemory
kernel32:
  FormatMessageW
  GetLastError
rtutils:
  TraceDumpExA
Sections
.text Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 352KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rdata Size: 127KB - Virtual size: 126KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 344B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE