b9e774c6d2eaf71a229dc8e7e249c881_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9e774c6d2eaf71a229dc8e7e249c881_JaffaCakes118
Size

76KB
MD5

b9e774c6d2eaf71a229dc8e7e249c881
SHA1

862106289e922631d33ab97799300a48d6f0eca3
SHA256

9e03f09352af8df8911655acc3511278b15f0adcb8fdf6f3fe172549a476b81e
SHA512

d178d71d203b20d039de837a8d1b794fbf8ddadf76f7c01b7743e90b306f104edfa39869b90f06c6bad12b664d8da6cef2b3971a5763037c8cab46e8a1477656
SSDEEP

1536:+jRRRRTI8IuK7wpreJZROWIuTpOZ3i+ce4ic7LWXd9FFpNtwgSCq8D0o3eLrvqyg:+jRRRRTI8Iu4wprmZROFZ3D5Xd9FFS1k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9e774c6d2eaf71a229dc8e7e249c881_JaffaCakes118

Files

b9e774c6d2eaf71a229dc8e7e249c881_JaffaCakes118
.exe windows:4 windows x86 arch:x86

977315f66f9a16ebc31b530e3ec7a030

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaProcessorNode
GetNumaAvailableMemory
AllocateUserPhysicalPages
GetCurrentActCtx
GetCurrencyFormatW
RegisterConsoleIME
ClearCommError
SetThreadContext
FindNextVolumeMountPointA
SignalObjectAndWait

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE