Static task: static1
Behavioral task: behavioral1
Sample: d311d7d0e5e75e5b989df1ae7cb8549d_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d311d7d0e5e75e5b989df1ae7cb8549d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d311d7d0e5e75e5b989df1ae7cb8549d_JaffaCakes118
Size: 372KB
MD5: d311d7d0e5e75e5b989df1ae7cb8549d
SHA1: 77c34a4094e3be521e7b010ebfdca6dae9a89959
SHA256: 517e1dc1c1a1f537dc6962d25e3b3b4129171d36157875b5aa6e21eeeca5b63b
SHA512: 98b23f494192e298a064d77c7ae34bf5bf2670048e6d4e695e787a3493e5c797d9d86f283c6aa75e97b925c08c54a1ec0415e8708100cf1e8bcdde5bb8066125
SSDEEP: 6144:bZnPB2Nm33KjEyv1/Orvkyk4M41+J0B79IDVzEpK3JqOE92gXNmhx+R2UZwWkRPf:bZnPBmmqjEyvBl4Mi+J01GDl1JqOE9Bw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d311d7d0e5e75e5b989df1ae7cb8549d_JaffaCakes118
Files
d311d7d0e5e75e5b989df1ae7cb8549d_JaffaCakes118.exe windows:4 windows x86 arch:x86
0265c57b799170ebdabd7b8ae344bde8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
MessageBoxA
kernel32
CloseHandle
IsBadReadPtr
HeapFree
LocalSize
RtlMoveMemory
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
WaitForSingleObject
GetEnvironmentVariableA
TerminateProcess
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
ntdll
ZwUnmapViewOfSection
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 750B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE