JaffaCakes118_d445f2fc46d081fe083ca84807578efd | Triage

Sharing

General

Target

JaffaCakes118_d445f2fc46d081fe083ca84807578efd
Size

168KB
MD5

d445f2fc46d081fe083ca84807578efd
SHA1

5be009e7a7758d679b47f44ef43c965fa00b0cfd
SHA256

e674dd6e39ff6d3eed6f4faf4cb574ee25a3cd832c166c44c1bc92fee1b16454
SHA512

45e9584b87007ef1f11f8aa90b81530a9cb044aed4b582d4d53d91fa4db518e4561c62591830322fabdcf1d3b0829c6b437345157bf73a873374b7a3ff9675f8
SSDEEP

3072:3LpcEFMDpwq9upFim2ncppqf+YvqWgXNFAObyXMpVH:3LpA+q9i2ncppqftvoqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d445f2fc46d081fe083ca84807578efd

Files

JaffaCakes118_d445f2fc46d081fe083ca84807578efd
.exe windows:5 windows x86 arch:x86

68006bd91c501016860fdb84a3f79e29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

OpenProcess
GetCurrentProcess
SetEnvironmentVariableW
LoadLibraryW
DeleteFileW
GetModuleHandleA
CreateJobObjectW
GetSystemTime
OpenFileMappingA
CreateProcessA
CreateJobObjectW
HeapFree
VirtualAllocEx
CreateSemaphoreW
OpenJobObjectA
TlsGetValue
GetEnvironmentVariableW
GetModuleFileNameW

resutils

ClusWorkerStart
ClusWorkerCreate
ClusWorkerTerminate
ResUtilGetBinaryValue

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.qdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE