aa55ba1b02c696c2af31233c781f658f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa55ba1b02c696c2af31233c781f658f_JaffaCakes118
Size

109KB
MD5

aa55ba1b02c696c2af31233c781f658f
SHA1

971f54b1d7e0f904f809f10964885d1ddadf70d6
SHA256

772997251d3119a053ce0837be468aed02906339346d128230aebaa01de361cd
SHA512

8dd6ee9bc9738f84c19c501a80ff5419663f6d59d95967ee45fe4b901b7407d677294b16bb933cd257b4d51f578050b805ee33aaaf06e7d3889cc8e4705233a3
SSDEEP

3072:Ezbb/jcBEr6Fy7Tpb24AY3+q++/7jugs1a9QJMZX:Efc46Qd24Z++fuRa9KgX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa55ba1b02c696c2af31233c781f658f_JaffaCakes118

Files

aa55ba1b02c696c2af31233c781f658f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abb75551ba7f6d3581554338c57a4cb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadIdealProcessor
FindActCtxSectionStringA
GetBinaryTypeA
FindActCtxSectionStringA
TerminateProcess
GetUserDefaultLangID
WaitForSingleObject
CreateTimerQueue
GetProcessVersion
VDMOperationStarted

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 85KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE