bb6faa2e23a7e87607498d5b9762dc57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb6faa2e23a7e87607498d5b9762dc57_JaffaCakes118
Size

168KB
MD5

bb6faa2e23a7e87607498d5b9762dc57
SHA1

4bfa35af1bfe62ad494c4ca4557e3ae899cad6ed
SHA256

40dd898c9674beda31a03b1943733f26b692cc1d9e68c315e39076a2c789601a
SHA512

c44d4a4927acd2834eec4e8e7fffaa99294ae10a75bb3136a8fb1dee53a60b24921565da0f961672c93b94ddafa46c4394a98ba686db809d30d8033480156ee5
SSDEEP

3072:Sv+KtKrLCXeRs7o6pKn8ftHn6PF1BWD3ibqz95MEGNy6+7TTCu:6NeYpKnpFyz95MEGNyFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb6faa2e23a7e87607498d5b9762dc57_JaffaCakes118

Files

bb6faa2e23a7e87607498d5b9762dc57_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3709f4e67da84c824f5a84036b744c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection
NtQueryInformationProcess
ZwCreateThread
memcpy
memset
RtlUnwind

kernel32

SizeofResource
WriteProcessMemory
GetModuleFileNameA
LockResource
VirtualAllocEx
FindResourceA
SetThreadContext
LoadResource
GetCurrentThread
VirtualFree
VirtualAlloc
ReadProcessMemory
CreateProcessA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE