bd599c4bce2282ddb7c0b2a67043cf2f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd599c4bce2282ddb7c0b2a67043cf2f_JaffaCakes118
Size

50KB
MD5

bd599c4bce2282ddb7c0b2a67043cf2f
SHA1

b4a139907997ea5d3d5a9f4cd592433b8c9d1d62
SHA256

01b2a1c0d7256bb9f8bffd6503a695cd84f667f1f6901d63ed99290d0b783cca
SHA512

8f10dd0060fc23e3a0d3af01a4937cc0cf0fabe449d1a2beb8368cd414f2d8bc66bfc08b7bcef9bf591a65e13751546139a2117e263b2fa35cd76dfff6e7f54a
SSDEEP

768:ppt3A9TeEeL5nArFJGsPpiXFt5VYZLd+JmyyuPXGWgUYg3l:93AHeLFArF58YZUJ9yG2a3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd599c4bce2282ddb7c0b2a67043cf2f_JaffaCakes118

Files

bd599c4bce2282ddb7c0b2a67043cf2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a0a13edd732e583506aec6bace5f5c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
DisableThreadLibraryCalls
EnumResourceLanguagesW
ExitProcess
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetVersion
HeapAlloc
LoadResource
MultiByteToWideChar
ReadFile
SetLastError
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
lstrcpynA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ntdll

RtlFreeUnicodeString
RtlInitString
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlNtStatusToDosError
RtlUnlockHeap
swprintf
wcsncpy
RtlEnterCriticalSection
RtlFreeSid

rpcrt4

I_UuidCreate
NdrFullPointerQueryPointer
NdrMesTypeAlignSize
NdrNonConformantStringBufferSize
I_RpcTransDatagramFree
NdrServerContextNewUnmarshall
NdrServerInitializeMarshall
NdrVaryingArrayUnmarshall
RpcServerRegisterIfEx
RpcServerTestCancel
RpcServerUseProtseqEpA
char_from_ndr
I_RpcTransDatagramAllocate2
NdrOleAllocate

crtdll

fseek
fputs
cos
_seterrormode
_memicmp

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ