cdeaf059316a00075c56ef58483c218d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdeaf059316a00075c56ef58483c218d_JaffaCakes118
Size

56KB
MD5

cdeaf059316a00075c56ef58483c218d
SHA1

91543993a4d80ecb9db17bdd8a51bf7f8e14d080
SHA256

604318cbd84a295c9c1481ee2bd58085b2e634b2d12e138455a72a96329418d8
SHA512

f2ed55669438f7a02a00a16d39c3e7db626fc24ac9f8439d706ec9a0a814088592cfbf81b9d7b34ae44e0c1619064f044a33ea8485523bdccdfb50b63544ac9c
SSDEEP

1536:TM8K+NgBseVnGI1WIM1Ytt7pGiRkQfIooOizzk:TEBsSpNM18PRkQfIo1Mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdeaf059316a00075c56ef58483c218d_JaffaCakes118

Files

cdeaf059316a00075c56ef58483c218d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b7b26c53460857f918d2728bb10e175

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
CreateActCtxW
GetCurrentConsoleFont
DuplicateHandle
LZClose
ConvertDefaultLocale
FillConsoleOutputCharacterA
VirtualQueryEx
GetNumaNodeProcessorMask
CancelDeviceWakeupRequest

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE