3ab5220a9f3484c6186ceeda95fde9a8_JaffaCakes118 | Triage

Sharing

General

Target

3ab5220a9f3484c6186ceeda95fde9a8_JaffaCakes118
Size

92KB
MD5

3ab5220a9f3484c6186ceeda95fde9a8
SHA1

863cc51fdfffdb2db29c2ae0d263fd8cb95d3e09
SHA256

12fed72d6f1964eed193c0d9da2e55770bb90327f329ecc5270c606e0004c54f
SHA512

01d71c99c2db8ef4c422e29c5e16239ef1f3c6f4e9932bac89ba0bcee0c6be8d078390453fd6f1dd45e9393a6b0a268e170306a410fa876f1142edd4dd61669e
SSDEEP

1536:R6st5o8PZzQtDO0kJMs3qbSSMa2cSgg1koPx+XMtWmO7nEXiqSqeGaf2vR:R6sLZkty0kSsbTcSgIPPInEbSqeGaf2J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab5220a9f3484c6186ceeda95fde9a8_JaffaCakes118

Files

3ab5220a9f3484c6186ceeda95fde9a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc0100d3109f18d5009f131e48798776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtWaitForMultipleObjects
NtWaitForMultipleObjects
NtReplyWaitReceivePort
ZwSetLowWaitHighEventPair
RtlUshortByteSwap
NtCreateSemaphore
ZwCreateTimer
RtlSubAuthoritySid
RtlValidSid
LdrQueryImageFileExecutionOptions
NtCreateWaitablePort
RtlCreateEnvironment
_stricmp
_aullshr
RtlAddAuditAccessObjectAce
NtSetDefaultLocale
RtlDeleteTimerQueueEx
ZwSetIntervalProfile
RtlDeleteTimer

Sections

.gdata
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ