ba0af705e506cc379cc9d60968842a4e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba0af705e506cc379cc9d60968842a4e_JaffaCakes118
Size

92KB
MD5

ba0af705e506cc379cc9d60968842a4e
SHA1

3e5ecd248096f7ed5eb76e56c599645d149ca83b
SHA256

2081e700d5e073a8560f1e038801d3f9735800941ba75923e94915fcca2ded89
SHA512

f7ca583fb2270a399aae40f6639a4a64c12b8f9286d99ef2f7e09724909cd10e6e201b1bfb6840d1535b1d2379770d402c753a55569c45c832502cb330863b63
SSDEEP

1536:q5AesCGc7yCYZlFKnG39sdKLLFzQ0MgpAXvhPsu+KfcpaaM9Dq:q5ANcupPFKnU9sdmFRMgSvhPs+Up89W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba0af705e506cc379cc9d60968842a4e_JaffaCakes118

Files

ba0af705e506cc379cc9d60968842a4e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3b4de68ab1a4b8068ddc5f80ddbbf940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetInformationObject
swprintf
ZwClose
ZwOpenFile
RtlImageNtHeader
RtlStringFromGUID
RtlDosPathNameToNtPathName_U
LdrFindEntryForAddress
ZwQueryInformationProcess
RtlRandom
ZwAllocateLocallyUniqueId
RtlFreeUnicodeString
wcscpy
ZwQueryValueKey
ZwOpenKey
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
wcscat
memcpy
memset

kernel32

LocalAlloc
ExitProcess
CreateProcessW
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
LocalFree

advapi32

MD5Update
MD5Final
MD5Init

cabinet

ord20
ord22
ord23

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ