fdea345a95cf474a46d86b0b813a0864_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdea345a95cf474a46d86b0b813a0864_JaffaCakes118
Size

76KB
MD5

fdea345a95cf474a46d86b0b813a0864
SHA1

f2f918b1d2e10f4e2059e1d8a8917cf6b2252252
SHA256

7d78838a3d5a280616bb165892ac96af452221e95f406c6fb549756471eb64fc
SHA512

239b92da95a7db13b46c4a34e8b2e8a9002b5604c7c53d044c44ac027c6f882575d0d360680964a1b863eff8b3446b5ce36e52178099bc9edb4e6ae0afc0dd2e
SSDEEP

1536:EqeJOnX7l6jGQXcX6pHuYk8hx4y5Uh56TihQqpjVrs2ryrd1vUQuq6:NeJOXBLYksxm6TihfHs2qo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdea345a95cf474a46d86b0b813a0864_JaffaCakes118

Files

fdea345a95cf474a46d86b0b813a0864_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b488a88b0b66c38a2f62792c608190cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaAvailableMemoryNode
MoveFileWithProgressA
RequestWakeupLatency
GetCommModemStatus
FreeLibrary
HeapAlloc
lstrcmpW
DeleteVolumeMountPointW
EnterCriticalSection
RtlMoveMemory
OpenEventA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE