4093cb8e16d4886ba8300dac7bf01acd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4093cb8e16d4886ba8300dac7bf01acd_JaffaCakes118
Size

83KB
MD5

4093cb8e16d4886ba8300dac7bf01acd
SHA1

b1f02872490d5e5cf799164b5bba3ae1494c7f85
SHA256

bcdf59343fed750fc5a474a6ec7c6052d6548eb933b432b57b16c07f4866475e
SHA512

39ff2f0c0f53ce14396a6905ed10c977e5a55b88938dbacae3dbc699ed7d0c704e60fd94460c3f96c709fc16a676ccdd3b0d1340cd17aad4d054b808b07c7e4d
SSDEEP

1536:gdvdp8GbWOpevWQn17HGpsviduJ1AOhEb8kYz5B3jjEErxTWDTMqhGKYIZTET8bc:gx+17HmsviAdc851B3jjBkMqhGKZTbbc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4093cb8e16d4886ba8300dac7bf01acd_JaffaCakes118

Files

4093cb8e16d4886ba8300dac7bf01acd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c871237e176a6f2ac3a6397e522a9828

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindActCtxSectionGuid
ZombifyActCtx
ReadProcessMemory
VDMConsoleOperation
GetPrivateProfileStringA
GetConsoleWindow
GetProcAddress
AttachConsole
GetPriorityClass
CallNamedPipeW
DeleteFileW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zrdata
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE