Static task: static1
Behavioral task: behavioral1
Sample: cfcbf9840b1e7991296489866f0594ce_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: cfcbf9840b1e7991296489866f0594ce_JaffaCakes118
Size: 303KB
MD5: cfcbf9840b1e7991296489866f0594ce
SHA1: e409be6ccf7cbe7f3a7422e097dce16bb0abbbd5
SHA256: b997ec20ec74014ebbb4dad56049ad51be2752cd3b86cd429aeb24c25478bbf9
SHA512: a0cbed43fe05cba20c26d9c4aa61b0e8d42b28cf2e4dc01c8fcbccaebbe25e1d15c59159673b3b2def782dc6c47ccdcaac5b8f095f866ecc765661479c330521
SSDEEP: 6144:2rP7aZfM3BpWm5DvViwh4aO+BntYIW4ZrnplENZ809dEL3uc1AnRk:EjaZfMfHv0wHe4pnpKdguc1Anq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cfcbf9840b1e7991296489866f0594ce_JaffaCakes118
Files
cfcbf9840b1e7991296489866f0594ce_JaffaCakes118.exe windows:4 windows x86 arch:x86
207630089a0f25039bf050d14352b121
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetThreadContext
LoadResource
LockResource
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlFillMemory
RtlMoveMemory
RtlUnwind
RtlZeroMemory
SetThreadContext
SizeofResource
Sleep
VerSetConditionMask
VirtualAllocEx
WriteProcessMemory
user32
SetTimer
MessageBoxA
KillTimer
ntdll
ZwUnmapViewOfSection
Sections
.text Size: 1024B - Virtual size: 994B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE