12eb26dbf8d8c52b13d80bc6d78aa209_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12eb26dbf8d8c52b13d80bc6d78aa209_JaffaCakes118
Size

95KB
MD5

12eb26dbf8d8c52b13d80bc6d78aa209
SHA1

559e5aa392c7fe881beb78d3cc61139a12ffeb2d
SHA256

a28dc9798c1406daa9fc9ad8fdab3be9a6d7909460a5b53ee9f658b5fc6ee6dc
SHA512

6580309147ffe6a4bb71040a4d76f1569633f8e6c47a03b6905a92a5df5ca2618f23272a613c121baef1784937e66f96bfd24895870ca35a3eb615b781054c15
SSDEEP

1536:1hdASuVYFcfQbCVynd/F+T9M28Hqr9B8elrzxYkzjD4PZCzLH2YnCELnJQY9iILm:1hFVb7nd/o9GHqD8QzxXD4PiHHntX+U0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12eb26dbf8d8c52b13d80bc6d78aa209_JaffaCakes118

Files

12eb26dbf8d8c52b13d80bc6d78aa209_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb343e4ab37ca837a404e15ccc13a6d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MapUserPhysicalPages
CreateSemaphoreA
GetTempPathW
AddLocalAlternateComputerNameW
QueryDosDeviceA
VirtualFree
GetPrivateProfileStringW
GetTempPathA
GetConsoleCommandHistoryA
SetCurrentDirectoryW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE