03223dd84add0df3b1890f166f521430_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03223dd84add0df3b1890f166f521430_JaffaCakes118
Size

92KB
MD5

03223dd84add0df3b1890f166f521430
SHA1

693f784806246c4933ff957d6b0141a1f040c40c
SHA256

38b85a6739e1767c7a2a801ab2799468e3e986f942a765420e9d936f90579d6b
SHA512

879fe8766db3ec64d43131149f14a96ee026ef5b8300e216a4708c9f4692867a4b78346e2f0239866367abfecbfd04404f53c2695a2779606a9f11a4770bfde4
SSDEEP

1536:xWewvrZYsXPj/Jx7oK+IsUG1vGg0LXOudxtDmeHKwax3dRSuh:pIrTT78XIXsG/zVdnHKwax3Cs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03223dd84add0df3b1890f166f521430_JaffaCakes118

Files

03223dd84add0df3b1890f166f521430_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbcb4ce9fbbeae4ec9f96c8ae07be4ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
SetLastError
GetTapeStatus
GetExitCodeProcess
GetConsoleHardwareState
ClearCommBreak
GetConsoleKeyboardLayoutNameA
RegisterWaitForSingleObjectEx
GetConsoleWindow
FindClose
GetTapeParameters
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlZeroHeap
vsprintf
NtLockFile
strstr
NtReplaceKey

Sections

.rdata
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WEIJUNLI
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ