8ebc2ce44a989eabca745dc6b80c992c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ebc2ce44a989eabca745dc6b80c992c_JaffaCakes118
Size

153KB
MD5

8ebc2ce44a989eabca745dc6b80c992c
SHA1

0d674e796745f529018a0ecaf565bc9c2f2214f9
SHA256

c8d076ed9dbe51d63596b7526d7a2f8330beeacd05d182ac0fb96ae12b070dc7
SHA512

3fb39ba66fd726d6cb9d6eadab1db3f5f83d9bf9fbdc8e40e196ace14e9e34185ee302ca88afb13a3b35056b3f26547263ba9465441ef4af0fd50c97fd46c0ca
SSDEEP

3072:1PYv/knlHLM2pjQSgUkg7Nh4Es0Y8+uCSsh:u/uvlfNh4EV+osh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ebc2ce44a989eabca745dc6b80c992c_JaffaCakes118

Files

8ebc2ce44a989eabca745dc6b80c992c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1e3e176a20a98e2535ad4ea6fd74a84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRandom
ZwQueryInformationProcess
ZwProtectVirtualMemory
LdrFindEntryForAddress
RtlDosPathNameToNtPathName_U
ZwAllocateLocallyUniqueId
ZwSetInformationObject
swprintf
wcscat
wcscpy
RtlImageNtHeader
RtlFreeUnicodeString
RtlStringFromGUID
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
wcslen
RtlPrefixUnicodeString
RtlGetCurrentPeb
ZwOpenFile
memcpy
memset

kernel32

CreateProcessW
GetTickCount
GetSystemTimeAsFileTime
ExitProcess

advapi32

MD5Update
MD5Init
MD5Final

Sections

.text
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE