1b13abe6bb41edfab6cb04bb3889dc2b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b13abe6bb41edfab6cb04bb3889dc2b_JaffaCakes118
Size

220KB
MD5

1b13abe6bb41edfab6cb04bb3889dc2b
SHA1

5853d44b2d74772065082b6bf61a347c07d1e94f
SHA256

74dde175dd406cc09982cdf30c57de8f46b4e90e27e6e053358999c4d8f16dbf
SHA512

18731e6f088b3e1be6c54f78e95f3e95be299927d4db0976ebd77cc48899b0ea8e8f642e5a438287c06fdd9f254750df32564975a1112d6b3f283636c2edb406
SSDEEP

6144:LaCoVwlDy+euPoQghTegp0uz+mA1vhrV:LaCoVwlDy+bMNp04+vL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b13abe6bb41edfab6cb04bb3889dc2b_JaffaCakes118

Files

1b13abe6bb41edfab6cb04bb3889dc2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4501f0f4bcc646a898d54d563cbe3707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PostMessageA
IsChild

Exports

Exports

SetVfkuikegjlh
Ggfxptabldv

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enewdat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ