27a3c362d0fa37e6b3e3369068ce5b99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27a3c362d0fa37e6b3e3369068ce5b99_JaffaCakes118
Size

28KB
MD5

27a3c362d0fa37e6b3e3369068ce5b99
SHA1

37d41a300a9cb6bdee7f7b3663fa252d1881e9a8
SHA256

d6ddb09a480e358d481741718a4eaecb2ee1d6f3641f2966024ae2982dbf6372
SHA512

0cc2bf874b09b845c90c3e72640acc6d8f89ea0e02e318dc6766aa9f15d0892efaf6ee0b163bd2b3a7d11dcb8135c7e7272b56ac7e2846973a23c55c40d71944
SSDEEP

384:ciWvKuXkjTX8mUo7dUlmJyHnRpnofRC/lZpGfS8th1su83T3sXQebWzFyi:cWzUtUJ8RpC0lZqbL1sxD3aQ+WzFy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27a3c362d0fa37e6b3e3369068ce5b99_JaffaCakes118

Files

27a3c362d0fa37e6b3e3369068ce5b99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b128cb35df10d347a551e0c4b649f0a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
SuspendThread
GetProcessHeaps
IsDebuggerPresent
SetConsoleKeyShortcuts
GetConsoleScreenBufferInfo
SetCriticalSectionSpinCount
AllocateUserPhysicalPages
CreateMutexA
GetVolumeInformationA
RegisterConsoleIME
GetExitCodeProcess
GlobalWire
GetVolumePathNameA
GetBinaryType
ContinueDebugEvent
FindNextVolumeA
SetupComm
GetCurrentThread
FindNextVolumeMountPointA
ReplaceFileA
SetHandleInformation
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwLoadKey
wcsncpy
NtOpenEvent
isdigit
ZwFlushKey

Sections

.edata
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WEIjunLI
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ