428769d63236f2447cdc1f860ee1f856_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

428769d63236f2447cdc1f860ee1f856_JaffaCakes118
Size

280KB
MD5

428769d63236f2447cdc1f860ee1f856
SHA1

d3a404b28979320a3cafaa859ad577e8652dca0c
SHA256

b17efb96fa54edb656ae36e7358221a389e2bafe271eceebb3de19a7c71df93f
SHA512

b729146056eeab2c418edc9131bf7c1a69c7078102221bfa0eb4e69c3704c5082f676fb5b797f3563cb540820e34fa525fe20dcc041f6e63e3e814393c33aee9
SSDEEP

6144:ziJXI4ubtnJfmBPhMqcmpder5B32B+R0JVqWo3jwf8UNp:ziJXIlbtnJfKMqWm+YPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
428769d63236f2447cdc1f860ee1f856_JaffaCakes118

Files

428769d63236f2447cdc1f860ee1f856_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7c7b4bd6de2593985a015d09c1ea790c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
memcmp

kernel32

CreateFileA
DisconnectNamedPipe
GetConsoleCP
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
GlobalAlloc
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeap
GetModuleFileNameA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 738B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ