Static task: static1
Behavioral task: behavioral1
Sample: 396908b19f4b80e6c35bc6b06a4dfb1b_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 396908b19f4b80e6c35bc6b06a4dfb1b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 396908b19f4b80e6c35bc6b06a4dfb1b_JaffaCakes118
Size: 92KB
MD5: 396908b19f4b80e6c35bc6b06a4dfb1b
SHA1: dd1ba0b45d381ecf92e518a83717d041d750f289
SHA256: 0994a504afcbdca81547bb8891c5ad2a29f7c4b9c3206949a4719b7b13fb58d2
SHA512: 70d8388fcd368b32809da9e1681803f23c80c8be377f9e29438a19e6d16301dab17774c0530b4c7b1e2b5f2ad119a489d0a3a37a6b17cf2553293a1dfd7265ae
SSDEEP: 1536:h7eopdBsfIZydixPHzBegd5tLNdDxypp7jJVraU8Dk2:hy6dBsfIZydwPHVegdDBXy/LaU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 396908b19f4b80e6c35bc6b06a4dfb1b_JaffaCakes118
Files
396908b19f4b80e6c35bc6b06a4dfb1b_JaffaCakes118.exe windows:4 windows x86 arch:x86
3d83f4a1f643061d186cadc7533fa113
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GlobalLock
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
strspn
ZwSetSystemEnvironmentValue
ZwCreateSemaphore
RtlInitializeHandleTable
ZwAllocateLocallyUniqueId
ZwLoadKey2
NtLoadKey2
RtlAddAccessAllowedObjectAce
KiUserApcDispatcher
RtlGetSaclSecurityDescriptor
ZwGetPlugPlayEvent
NtListenPort
NtDeleteFile
RtlValidAcl
RtlStringFromGUID
Sections
.text Size: 4KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
weIJUNLi Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ