52b96d65f1a52dbdf2c8674eaa0c94f0_JaffaCakes118 | Triage

Sharing

General

Target

52b96d65f1a52dbdf2c8674eaa0c94f0_JaffaCakes118
Size

64KB
MD5

52b96d65f1a52dbdf2c8674eaa0c94f0
SHA1

2080791c62e8573e120aaa2e6e240e880da63a9e
SHA256

f0d8dd0421db16182f0fcbf1e287bba6885bd6d75c3488c812e3e33b83bf2a4a
SHA512

dee1278bd0f53f853bc37d7f5acef835b8ebf51c68d9a8ac9bfbbbeac5669d78ef2b0a500a57908c707582cc5f4aecef5e86857d9214da2b9bcea8b113b2917b
SSDEEP

1536:yX4BqE36vSu1atTcmPICkml7r75R2GDRo9/26jC/YgZ:yIwCucTcmPIGlFR2p/2L/YgZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52b96d65f1a52dbdf2c8674eaa0c94f0_JaffaCakes118

Files

52b96d65f1a52dbdf2c8674eaa0c94f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9eb832a592265f2e50970e6b4e31ce11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointW
FindFirstFileA
SetConsoleFont
GetCompressedFileSizeA
SetEvent
VirtualQuery
LoadLibraryExA
ExpungeConsoleCommandHistoryW
lstrcpyA
CreateIoCompletionPort
SetEnvironmentVariableA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE