d2f77e2630ab4757c9388ae3af010e93_JaffaCakes118 | Triage

Sharing

General

Target

d2f77e2630ab4757c9388ae3af010e93_JaffaCakes118
Size

1.6MB
MD5

d2f77e2630ab4757c9388ae3af010e93
SHA1

bc5b4f57d0961185a3fedd082eb47100e2b4fce3
SHA256

b785c61d47965f38a58499cc34b7264e3d27348bffc0a877a527ff62dfc109ac
SHA512

0df29ea3e7d678466ea6fc0f5da2667d7f96d1d723d3e835a56e76c9797ecb0a6e3d3eb8294f7a6131b4f9fba2c80b09fef33393f77b22ea99bafa0820751af7
SSDEEP

24576:uZ/ZE2FxOwvo13dFVk+ISm8hICi4qdvi17Gt4keqPlYdMLi7rzT78HjaVhb4/Am:uZ5Owck8Ni4+viVGeqP2dMY3H8GVhb4/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2f77e2630ab4757c9388ae3af010e93_JaffaCakes118

Files

d2f77e2630ab4757c9388ae3af010e93_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ea7a740b155bf198aece77cd2756cc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

RtlInitNlsTables
RtlLengthSid
RtlEqualDomainName
DbgPrint
RtlFreeAnsiString
ZwSetInformationProcess
RtlFreeHeap
RtlInitializeResource
RtlIntegerToChar
KiFastSystemCall
LdrGetDllHandle
RtlGetCallersAddress

kernel32

GetExitCodeThread
GetCommandLineA
CloseHandle
GetCPInfo
SetConsoleCP
GetModuleHandleW
VirtualProtect
WriteProcessMemory

Sections

CODE
Size: 508KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rflrsc
Size: 1016KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ