0bfa27e65698193174934ff99fe811ac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bfa27e65698193174934ff99fe811ac_JaffaCakes118
Size

284KB
MD5

0bfa27e65698193174934ff99fe811ac
SHA1

e5f67cf334fa37bd312385acd9bad2083f9fac6a
SHA256

9adff83e852e767040767a6f0b8d61e361bc215dd7f82e951bf4f1aef3f40dc5
SHA512

2b714f6e268c95e1d7c5d811e39ce26c43352da899f4348f550007d521b9e46253fb6cb4839cf2416f7900fca8377c5b83897ccf77ab729a288d5c5f462078a1
SSDEEP

6144:E1FQt3XaBsvNQ8oGKGU2gAbuIn5DgrVVB253gPgmNJyS9G:Esp9VQVJGhgVs5eB253ihNI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bfa27e65698193174934ff99fe811ac_JaffaCakes118

Files

0bfa27e65698193174934ff99fe811ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da479008f35a727d26b62e65e4b6ad0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
memcmp

kernel32

CreateFileA
DisconnectNamedPipe
DuplicateHandle
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
ReleaseMutex
GetUserDefaultLCID
GetFileSize
GetConsoleCP

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ