34cd83d959129f77e8e7395502c165c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34cd83d959129f77e8e7395502c165c3_JaffaCakes118
Size

74KB
MD5

34cd83d959129f77e8e7395502c165c3
SHA1

31c3c1094ece65fa6e8da1684705d243b008823a
SHA256

07a0efdfc6373337b58da9207c2921bf73f88fbc5e1cf64e44f4a8f573c4b79c
SHA512

a2a04c4040adb4a26acc3489d7b2d58277e7a3ccdfb0483d97cf025d155476eebc79757efe8bfbb0edbb8eda2ac766ae7ba34cf48c997cb30ddf7401b4e80061
SSDEEP

1536:oV4gRK1IvnJqqMgihPR69IlaSrxN4cdFTG6Uja7hIZ8Mcqq:e4ggfjR6YNn4Pja72Z1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34cd83d959129f77e8e7395502c165c3_JaffaCakes118

Files

34cd83d959129f77e8e7395502c165c3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6af582334aa27ac485cbffcd80b58d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateThread
ExitProcess
IsBadReadPtr
GetProcAddress
lstrcmpiA
LoadLibraryA
VirtualProtect
VirtualAlloc

user32

SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SetTimer
DefWindowProcA

Exports

Exports

fgdfgddfgffg
sfgdfggtbfdb
start

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ