f63214a7428881b0ee32d191a09dd913_JaffaCakes118 | Triage

Sharing

General

Target

f63214a7428881b0ee32d191a09dd913_JaffaCakes118
Size

78KB
MD5

f63214a7428881b0ee32d191a09dd913
SHA1

05bffcd2ea88fbd8de64d7e6145418e92b245868
SHA256

452eb2d020d7bc2fb82f0cd7899cf5caeafd998fd6caa950bf5b055b7dfe9ace
SHA512

8c7e776ab2e9f442c60ef8030c49b752045ca813ef6ddbb6efcb019cc60e99d9b0916d8997a384def3eadd4ec8b59af69cea3aa64426894073e1e21ee44b5000
SSDEEP

1536:1av+Twsu50Uvx12ZsyR+6ek+/DZvww8d/WJUFLSoNtiQn:dTO5R5EZsc+EUCBdiELfviQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f63214a7428881b0ee32d191a09dd913_JaffaCakes118

Files

f63214a7428881b0ee32d191a09dd913_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f462c1cebdfc39b918b6019d028df74e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtQueryDirectoryObject
ZwReplyWaitReceivePortEx
toupper
NtReadFile
ZwSignalAndWaitForSingleObject
RtlUnicodeStringToAnsiString

Exports

Exports

InitDrwvoachi

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 70KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ