Static task: static1
Behavioral task: behavioral1
Sample: 3c71ccea6117bedea26c75fb5faae609_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3c71ccea6117bedea26c75fb5faae609_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 3c71ccea6117bedea26c75fb5faae609_JaffaCakes118
Size: 92KB
MD5: 3c71ccea6117bedea26c75fb5faae609
SHA1: 9d9793dc55447684f9ccd09a371373a08458e8a5
SHA256: eab70d938c1331c412532e25f0cbf30b1152c4f4f23aa22e4b134d6c8f151bb1
SHA512: e65f476970a7035fd541f7629c1db157275b868e9108b0b04edd6e0f8d854e52b08b0b3ef8233e775e950c41bcdca22f608e764376114542ed0ed4e85c82eb7c
SSDEEP: 1536:1l5hq0hxVU9uCPHlRDQK/MWQVIX8ROiA2klSKdli7Vh9i:L5HhxVUsC7sWQzRTtGBGpe
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c71ccea6117bedea26c75fb5faae609_JaffaCakes118
Files
3c71ccea6117bedea26c75fb5faae609_JaffaCakes118.exe windows:4 windows x86 arch:x86
585f0be3c9524acc750b141d848521c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
NtSetThreadExecutionState
NlsMbCodePageTag
ZwUnmapViewOfSection
LdrAccessResource
RtlStringFromGUID
ZwQueryIoCompletion
NtOpenJobObject
RtlCharToInteger
RtlDelete
RtlQueryRegistryValues
NtQueueApcThread
ZwAcceptConnectPort
NtCreateProfile
sqrt
ZwFlushBuffersFile
Sections
.fdata Size: 4KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
weIJUNLi Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ