e1cfb272bb3860d9556b5a90781aebdd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1cfb272bb3860d9556b5a90781aebdd_JaffaCakes118
Size

676KB
MD5

e1cfb272bb3860d9556b5a90781aebdd
SHA1

352e5fc90cfe9f8bad73a66e6f7c8ce8b079526c
SHA256

f7f0f613a091cf4c7d8d909e2d72baa1f8c19512da68ae4c4f46c20da8f20605
SHA512

4014bcc1c15ae06f7ce0c9a50599e1545b1be41c02b916d84962b3e0e68780ebd3450e255c5c57fd6a133884e89bf8f0d0dc27a79a426281007b998e11fa89c4
SSDEEP

12288:bJlVo88nknDa++69Awnbb1/8G9BCwLx8e1uo5WfRbB1UasKt002:bvVoiDa+/9NnbuG9B6e1HWNUaHx2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1cfb272bb3860d9556b5a90781aebdd_JaffaCakes118

Files

e1cfb272bb3860d9556b5a90781aebdd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5320c32fa5b92d40af26784d8a06b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameW
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessA
OpenMutexW
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ