3308090a5213ea41d750882e9951692f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3308090a5213ea41d750882e9951692f_JaffaCakes118
Size

78KB
MD5

3308090a5213ea41d750882e9951692f
SHA1

cbcaa029fe90071b22ce6b1a1188d664890abe08
SHA256

c659480a5cdff8f8add28e3a9cd19c0b361e860cc74c48e31faf42d71c6eabb0
SHA512

21f077ea5ad73eb5c38f893ae939b91aaeee9edd5c4c6263b56b00c73ae4dc5ccd58292c788e5d5e14406918a29a44bae112b6dc604e4739d67dbd14a59919bc
SSDEEP

1536:MiITqO/fYsmEQFAksleU7I2oxbmoVBicwmmcBDIPLnMEa8/2OjL:M3Tj/fYs45slx7dfCicicJV/8OO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3308090a5213ea41d750882e9951692f_JaffaCakes118

Files

3308090a5213ea41d750882e9951692f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f0ded993752cc0b9f63282a689050aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtSetEvent
fabs
RtlDeNormalizeProcessParams
RtlDestroyHandleTable
_memicmp
NtSetThreadExecutionState
KiUserCallbackDispatcher

Exports

Exports

Lhjhyjqq
IsHqpulyrey

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 70KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ