cf7905803de9de35d09eac1e546fe227_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf7905803de9de35d09eac1e546fe227_JaffaCakes118
Size

84KB
MD5

cf7905803de9de35d09eac1e546fe227
SHA1

69f5a461033c696a881d6fa9c046f29ea94d6c38
SHA256

f98be85a1115f160c14d01ac55d87d72667b786c9d39c9466cc30ab2046da3b7
SHA512

cee10bfe79f2db761c3a2a75fc095b6251c67b17f819bef89c945acb2607b45c632599973b1cdc7c1edc336d1464ddf8d23fe049904225c2268e1c0a74ef780e
SSDEEP

1536:MGiX0l20XndtILT85CvwFzJ4bdmZu2T5FWc8YaEJwZK4/83ZoMOAI:Mn0lDXdtIEQYF+biPWhZEXtpxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf7905803de9de35d09eac1e546fe227_JaffaCakes118

Files

cf7905803de9de35d09eac1e546fe227_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21a67656b31353512084ec66badc6413

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VDMOperationStarted
GlobalUnfix
VirtualAllocEx
CreateProcessW
OpenSemaphoreA
GetCommMask
BaseFlushAppcompatCache
GetCurrentThreadId
SetTapePosition
GetCompressedFileSizeA
GetCompressedFileSizeW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.krdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE