ff55242d403df7a567dc5773b4f1174e_JaffaCakes118 | Triage

Sharing

General

Target

ff55242d403df7a567dc5773b4f1174e_JaffaCakes118
Size

1.1MB
MD5

ff55242d403df7a567dc5773b4f1174e
SHA1

8fa6b5fbece4dbc12c0eb2a08757c61e1cbafca1
SHA256

973ca6f1b51833b44436dd7c01e3c16a724d34209e84c2300028f93a51577387
SHA512

9a32f7ae6e88c5030446ca0f9eaf0b37085a06617b1a4bf2498a0b7dbb3f2b83c31960162f76456fcd998b53aef6b42d7d199ea54d61ba9a9b570c0de4e92129
SSDEEP

24576:6UTtq4xJvC9Fb0ZNOenJXvaQ9znVbm26zD2Qp4OD:9JvCTb0FJXv997JmFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff55242d403df7a567dc5773b4f1174e_JaffaCakes118

Files

ff55242d403df7a567dc5773b4f1174e_JaffaCakes118
.exe windows:1 windows x86 arch:x86

3eae0a204e0ff148215aeb10e0a306dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

OpenProcess
Process32Next
WaitForMultipleObjectsEx
lstrcmp
GetLocalTime
Sleep
GetLogicalDriveStringsA
CloseHandle
SetHandleContext
VirtualAlloc
WriteProcessMemory
GetProcessIoCounters
DeleteTimerQueue
IsDebuggerPresent

winspool.drv

DeletePrinterDriverExA

Sections

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 783KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ