dff83f5c00fd3675dcde85d2b3e1499a_JaffaCakes118 | Triage

Sharing

General

Target

dff83f5c00fd3675dcde85d2b3e1499a_JaffaCakes118
Size

621KB
MD5

dff83f5c00fd3675dcde85d2b3e1499a
SHA1

105d3acf5a610253931e730bf2d905c20a4a6171
SHA256

67632bcce9df58cd1c3ef0d94db1c8cc51ec79e0a5587341421893b8847d7a4f
SHA512

1d91e41be11b366831fb915d8e8d7e3d4e52400e83b55284e687de75f1efd9ee56e9929d76316a3b5958662429b106af23b736fafab98a3d7839183bdc84605a
SSDEEP

12288:rOuZU278LFhVT5+H4gmKpf41vRWZvufOZi+0G9BBeolulMPFLq1dxW1wAt:rOuKb7u1mKpf4svufAvf0olulMiER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2082567.com

Files

dff83f5c00fd3675dcde85d2b3e1499a_JaffaCakes118
.zip
2082567.com
.exe windows:5 windows x86 arch:x86

02e04c9a8ff4d398d9ba044eb59173ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPGenKey

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerA
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ