c1c3509c9819270c485ac3b48170b638_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1c3509c9819270c485ac3b48170b638_JaffaCakes118
Size

160KB
MD5

c1c3509c9819270c485ac3b48170b638
SHA1

f39991339c6de69a9a3be06c19c3741f3ce83648
SHA256

5bdada97fb2dbad56e72b3dad6709efda3973c97b5b16346e4890682ed5e7bf4
SHA512

15cb1fa56a1084165002178a5d1972426ec693373bdf1c77cb7e7c933841847344977f35e9986134a70a5ae67863b75838483601900e65ea32d76eb1b8c94adf
SSDEEP

1536:iv4qO25Xubkl029V1hOJzIGO1pENjD8NnsG64dRH1mZ139ClgWHuH7N2GjOT3dUb:ivHHlpV1hPGOANusu4XBjuux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1c3509c9819270c485ac3b48170b638_JaffaCakes118

Files

c1c3509c9819270c485ac3b48170b638_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3709f4e67da84c824f5a84036b744c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection
NtQueryInformationProcess
ZwCreateThread
memcpy
memset
RtlUnwind

kernel32

SizeofResource
WriteProcessMemory
GetModuleFileNameA
LockResource
VirtualAllocEx
FindResourceA
SetThreadContext
LoadResource
GetCurrentThread
VirtualFree
VirtualAlloc
ReadProcessMemory
CreateProcessA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE