330db9c8c05f8bd3a63709b9938a647a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

330db9c8c05f8bd3a63709b9938a647a_JaffaCakes118
Size

668KB
MD5

330db9c8c05f8bd3a63709b9938a647a
SHA1

4b3962497fd469665e93ba374686c5b0895e3b41
SHA256

157281e4574df8a27854c633589dbf39a45ae6ad88e4ebf7b96101946684de3f
SHA512

3bdbecd8298fe248c863c70f81ed686e7b3bae9f2af2e3db2ea255003ab041c4686dca5ba6a69beb0a899802b7464b29172e509c1bb64c942b42f5d4cd185964
SSDEEP

12288:1M86M/387qxucOJFzwjwD/rmM5X7brQcXkBO4SIhZEjy/GZl:286MUYw/WwTKM5LfhXkBOrKZ8ll

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
330db9c8c05f8bd3a63709b9938a647a_JaffaCakes118

Files

330db9c8c05f8bd3a63709b9938a647a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5faaec8c308d6459e5a932a77901cb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
VirtualAlloc
OpenFileMappingA
VirtualProtect
GetTempPathA
ExitProcess
GetSystemDirectoryA

user32

SendNotifyMessageA
CreateWindowStationA
UnlockWindowStation
SendNotifyMessageW
DialogBoxIndirectParamA

Exports

Exports

Exoblyuexey
CloseYaskuskvx
AddBcsaynxyl
Rputvncyohr
Brmgnkuw
Lrytbgmw
Skwpkbb
Tiqacru
SetUpkolgqlqsx
Rfndiefmln
CloseNwotqxjsrp
Isvrpqgs
SetUomlgxtmijc
EndDwkgltd
Jnkkfbgx
WriteVgqygbsr
Txihbrak
IsQynwgxn
Ownimagbiq
Bvoudiixpcx

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 934KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE