05e44a61204de9816ff25925e7122ed8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05e44a61204de9816ff25925e7122ed8_JaffaCakes118
Size

68KB
MD5

05e44a61204de9816ff25925e7122ed8
SHA1

4b8871c3545153586fe97c1deb2019756e7b6871
SHA256

16967d850794619238436b026ee53406f128752393b8d76b42420d7acab6872c
SHA512

dd40527f137a3901ea4a38dd1364d4e7c1ad223a2905f471e544509b130f35bfe19b6d1774f68f9bc00e71b80222c8ea7766ebc9e263d5cdd48f1274df1c7529
SSDEEP

1536:qvFUkSl6wSOQU43qdU8qwOBEOSUVJxScDvYIObT8EKdr:blsO639RwOBHSMBDvpOfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e44a61204de9816ff25925e7122ed8_JaffaCakes118

Files

05e44a61204de9816ff25925e7122ed8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25d7f2bdb11f189fb1a9927328cba14b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputVDMW
GetThreadContext
ReadConsoleInputExA
GetTempPathW
GetThreadContext
GetAtomNameA
CreateEventW
CreateConsoleScreenBuffer
GetDiskFreeSpaceW
ProcessIdToSessionId
TlsSetValue
GetDefaultCommConfigA
GetConsoleCursorMode
GetConsoleAliasW
RtlFillMemory
PulseEvent
SetProcessShutdownParameters
SetProcessPriorityBoost
GetCommandLineA
ExitProcess
GetStartupInfoA

Exports

Exports

InitAmouhom
Kfokaeo

Sections

.text
Size: 5KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE