9491709630b34d61103c54295e85a929_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9491709630b34d61103c54295e85a929_JaffaCakes118
Size

21KB
MD5

9491709630b34d61103c54295e85a929
SHA1

9234c27519d27a5c4e470516075a07291c5a39ed
SHA256

41060df25d409169951bcbb34bf23e6f4c8a09e12a1fe0b2a8cecb6165b87c73
SHA512

f616b229f771e3dbe6644e8907b5ba1ef4d43710d94ac7392d26e5ee3ae27e6b8cba1a47257082cec5c47c1d7da1574c2b37121f78038146e8eac10cf880f746
SSDEEP

384:RUn5hKfneUVhcjWS4mWuGODbOin+Ppez7zRDgDzi38zz4gv5V16k:Sh4eUVRKbOY+MX2zk8vfVw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9491709630b34d61103c54295e85a929_JaffaCakes118

Files

9491709630b34d61103c54295e85a929_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00a74eef46fa4706e03ad6a74c612b6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtSetInformationObject
NtAllocateVirtualMemory
RtlAddAccessAllowedObjectAce
RtlAdjustPrivilege

rtutils

TraceDumpExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE