fb4975dcf31f020d89543329ac519fc7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb4975dcf31f020d89543329ac519fc7_JaffaCakes118
Size

126KB
MD5

fb4975dcf31f020d89543329ac519fc7
SHA1

e0f8964a4b7a778cd83293b58308fdfedf248130
SHA256

9baa13ccd16023663f95225d40b32ce5ec694536a8ff3ae86a17df7d630361aa
SHA512

8cf0dcc10ad96a90c7b99350f1d092bcc5437afecdd3b6c85e06dbd796b33679d2d87f313f3ac81a89cceee0e720391a030a075b373f0fb353d106ff0fd01179
SSDEEP

3072:uNfeu2ZJpzi0djqaz3H492rOH+8up2xaXe23BLX/R5:u620djtDWH+JGaO231

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb4975dcf31f020d89543329ac519fc7_JaffaCakes118

Files

fb4975dcf31f020d89543329ac519fc7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ba6438a5cf3d526f8b41f260938957a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlComputeCrc32
RtlImageDirectoryEntryToData
RtlUnwind
NtQueryVirtualMemory

kernel32

SearchPathW
ExpandEnvironmentStringsW
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW

comctl32

ord17

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ