21e1080f237cbf03a0ed741124dcbc42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21e1080f237cbf03a0ed741124dcbc42_JaffaCakes118
Size

28KB
MD5

21e1080f237cbf03a0ed741124dcbc42
SHA1

f3e83bc70ce3b24752364f54b1f9bda8120fc1b9
SHA256

09b268f55600193d4167ea5bab316b8d4098429b698fe895a17094af621af056
SHA512

56b0ff42cd028952cf95a2d143a6b81b645ecd7aece210a2e9f7322157b7d42f7649ebb5dcce3b84a641ad7eb04b6ce051145f2a21036aa3ada896ef5bd342ac
SSDEEP

768:kxI/S4EXriEdjuLVJlV/Na22zS1LSP84M/:tlujqVJbYcxSPG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e1080f237cbf03a0ed741124dcbc42_JaffaCakes118

Files

21e1080f237cbf03a0ed741124dcbc42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00643c6f9a673ea9044c383a21fc6253

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlAllocateAndInitializeSid
RtlSetAttributesSecurityDescriptor
RtlConvertSidToUnicodeString
wcstombs

Exports

Exports

Uagwvulds
Qcrvhlatbeb
Iltvuqfefr

Sections

.text
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ