f8c07d4aad3880cdfe2954cbd67bbfa2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8c07d4aad3880cdfe2954cbd67bbfa2_JaffaCakes118
Size

289KB
MD5

f8c07d4aad3880cdfe2954cbd67bbfa2
SHA1

467fd2a8bf2ca617f47f630f8589f1851ad2e2a1
SHA256

c45815bd3cdd064c18ea528c412de3b43cce96c78f0507caa25a856ebdae98e6
SHA512

1ee561ea95ccac32db00899dccb9da9d9f2a07605b2d3c8d4b4a0d663eced240a95ffb11c2807572fe9e7958a590ed9a68f8a9b84a0f815eb328946bf36f1556
SSDEEP

6144:kMsYBNvrrbguF6JG2iJsr7d0aIu5we/KwrNEgde1c9qggijTWAUx:kj0NvvbJIcsr7dvIu5wyESZ5TWAUx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8c07d4aad3880cdfe2954cbd67bbfa2_JaffaCakes118

Files

f8c07d4aad3880cdfe2954cbd67bbfa2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

653e8e8dff63eef38ee7e3d0b16c9e5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
GetProcessHeap
GetExitCodeProcess
ResetEvent
CreateFileA
OpenEventA
GetConsoleCP
IsValidCodePage

user32

SendMessageA

Sections

KdcrKYMZ
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

uNGucsJr
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bbilNpmr
Size: 259KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE