299c56686a72bf962605756dc1bd81b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

299c56686a72bf962605756dc1bd81b9_JaffaCakes118
Size

216KB
MD5

299c56686a72bf962605756dc1bd81b9
SHA1

7a53eb5ce16e187717a549deb7ae6e0db86ac9e7
SHA256

c59e7d601f9f8337fb620fbcba1ba7ee833c281e689fe9cb8fdf5369698a6322
SHA512

959aa2ce8655f12846d666a008fcc8f33e84d2ae07792bbd18b190f1a94f413bf776f8f5694ff4051aebd291bad6011c0298afaa3a48c9b5c110ccd821abb860
SSDEEP

3072:lpp/3LXNlrP5RPuBZDuPLpa5oqG79Ma+MmmalFLhhEK:lvxHR2DuPLEWqG7Ka+MmmarV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
299c56686a72bf962605756dc1bd81b9_JaffaCakes118

Files

299c56686a72bf962605756dc1bd81b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a904ae8848d10ed18f47696a0eb120c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PrepareTape
EnumSystemLocalesA
GetVolumeNameForVolumeMountPointA
SetConsoleInputExeNameA
GetFileAttributesA
WriteFile
GetTickCount
lstrlenA
WriteConsoleA
OpenFileMappingA
GetModuleHandleA
SetConsoleHardwareState
GetConsoleKeyboardLayoutNameA
VirtualAlloc
LZSeek
SetConsoleNumberOfCommandsA
Module32First
SetFileTime
CreateFileMappingA
GetThreadTimes
GetCurrentProcess
WriteProcessMemory
EnumResourceLanguagesA
ReadConsoleA
_hread
TerminateJobObject
GetProcAddress
FreeResource
SetConsoleLocalEUDC
VirtualAllocEx

wininet

InternetQueryDataAvailable
FindNextUrlCacheEntryW
InternetGetConnectedStateExA
FtpSetCurrentDirectoryW
InternetUnlockRequestFile
InternetCrackUrlA
ResumeSuspendedDownload

Exports

Exports

GetXvmghhlmxyg
Lcunuqpmu

Sections

.rtext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 204KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ