f55da5a78b8eebbf1d016aedd0e5b3e8_JaffaCakes118 | Triage

Sharing

General

Target

f55da5a78b8eebbf1d016aedd0e5b3e8_JaffaCakes118
Size

452KB
MD5

f55da5a78b8eebbf1d016aedd0e5b3e8
SHA1

a6ece22e32b97b99258a568e509200c68323228f
SHA256

70c4a6ed841133b04bffef1b901549e8f79aa56a03e94c00781b098e3179d8b5
SHA512

26890a64bcf601b6bd311c751d1a915b5bafece8add0475fe31013989081ce80969f40815e0c3636b28d977b6e70f630be00e0c4e512aad85dcdd5e4d41b6297
SSDEEP

12288:S5vj+XHb18Tr0wzWJDc/d3kcsc7uG5Z2HaWn/ORkj:SVCSTr90EdicLZJW/Ekj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f55da5a78b8eebbf1d016aedd0e5b3e8_JaffaCakes118

Files

f55da5a78b8eebbf1d016aedd0e5b3e8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

75961216b35cb03ea2c33af9786045d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memset
_vsnprintf
memcmp
_snprintf
strlen
memcpy
strcmp
_strcmpi
strcpy
RtlRandom
RtlAdjustPrivilege
strstr
_strlwr

kernel32

CreateToolhelp32Snapshot
Process32First
lstrcmpiA
OpenProcess
CreateRemoteThread
Process32Next
HeapAlloc
GetProcessHeap
HeapFree
HeapValidate
GetTickCount
GetWindowsDirectoryA
OutputDebugStringA
GetCurrentThreadId
GetLastError
ExitProcess
VirtualProtect
CloseHandle
GetModuleFileNameA
CreateMutexA
SetLastError
VirtualAlloc
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualFree
VirtualQueryEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory

user32

GetDesktopWindow

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ