12da9c7776dc3c1a9c307ac61a24ce8e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12da9c7776dc3c1a9c307ac61a24ce8e_JaffaCakes118
Size

94KB
MD5

12da9c7776dc3c1a9c307ac61a24ce8e
SHA1

c849c54a4e00173b1bfe37183faa76f50508cd37
SHA256

926084d57bf093d931e358519e7e362ad4dd93f1edc7ae1a96007b3f6a84a883
SHA512

f96d51f1a211e50b219bff3dc673816725eeb6da352cd4832abcbc5f036903fb3cf47cc70f7245a4d4b4100603f8399fdb63453cd647f2b1b4ce1068d27a62bb
SSDEEP

1536:ixanneSRi6hG6zAgrE5b2l6eRK8r/6GIfIuHSDdmvXoDfL9UZR0v3uoj8fMf9y:ianeYRhG6M+lZ3iGIgA/XAfmZ+v5j8ft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12da9c7776dc3c1a9c307ac61a24ce8e_JaffaCakes118

Files

12da9c7776dc3c1a9c307ac61a24ce8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e11b50a65b435f4d0ad5ecd6ae78ccc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtClose
NtAlertThread
NtConnectPort
NtFindAtom
NtListenPort
NtOpenEvent
NtLockVirtualMemory
NtClose
NtAlertThread
NtConnectPort
NtFindAtom
NtListenPort
NtOpenEvent
NtLockVirtualMemory

advapi32

BuildImpersonateTrusteeA
ControlService
CloseEventLog

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE