fd2e0f5174beade435dbb7935acfa0d3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd2e0f5174beade435dbb7935acfa0d3_JaffaCakes118
Size

812KB
MD5

fd2e0f5174beade435dbb7935acfa0d3
SHA1

8b675b1702d8dd442dac8416f6de7ea32dc1b33c
SHA256

9ee39e716d15ed4751976798faa4bd5e31b5c5e455f3147b28310ba4b9d323ac
SHA512

851723d8a47bf136b0749837496767cb028197111214f5b36984a4cd20d1597b546d09ef6dc4cd09834cebe6a6a5605f0f39defab4361dd8f77a3c0b0a852990
SSDEEP

24576:HXjvRz9QHt/AVdJwwKFUODQNC9UDHHmoReeRDnY3Al:Hzp+NIVclcNC9IRecnYw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd2e0f5174beade435dbb7935acfa0d3_JaffaCakes118

Files

fd2e0f5174beade435dbb7935acfa0d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

789fcde887967786281d550dfabe540e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetVolumePathNameW
GetCurrentProcess
EnterCriticalSection
CreateMutexW
GetConsoleTitleA
SetVolumeLabelA
LeaveCriticalSection
GetStringTypeA
DeleteFileA
SetEnvironmentVariableA
HeapCreate
GetShortPathNameW
lstrcpyA
GetPrivateProfileIntW
LoadLibraryA
GetTickCount
SetStdHandle
HeapFree

aaclient

OpenKeyReader
g_fnStartTransport
OpenKeyReaderWriter
LoadClientAdapter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 800KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ