0d3b78a4d5200e288272cf92c135edef_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d3b78a4d5200e288272cf92c135edef_JaffaCakes118
Size

68KB
MD5

0d3b78a4d5200e288272cf92c135edef
SHA1

f9147261c99d07846aa1535679463196590fc3bd
SHA256

11f351fa1e181bdfab8cdde377b664700ca986f99b7a3f447c2007b4db8ce980
SHA512

013d1fbc246f96c721949e250b816bcac866811f144f1909f38b7d4cb63aad36508f017ac59c9d6a9dd59721c26b3a8019f5a94057b6ca4acb20339da0755178
SSDEEP

1536:INCkZvVossSydxHJy43Ek8uXqjIXf2f25wh3/iFfru+kqCSIrijl6rz:I0kZ9dyfJy40MgIXf/5UQHIOJ6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d3b78a4d5200e288272cf92c135edef_JaffaCakes118

Files

0d3b78a4d5200e288272cf92c135edef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fb379184104b3cf4663a2f8c332a4f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwCreateDirectoryObject
NtQueryIntervalProfile
NtCreateThread
wcstoul
tan

Exports

Exports

Dnnhgxbrb
InitHfwuqjql
WriteEolsntbc

Sections

.text
Size: 4KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ