3b703dd20663eee991d7f834ed0c1734_JaffaCakes118 | Triage

Sharing

General

Target

3b703dd20663eee991d7f834ed0c1734_JaffaCakes118
Size

72KB
MD5

3b703dd20663eee991d7f834ed0c1734
SHA1

a4efb9e6d5bc7cf1e1ca67a8bd3f2a8dbdceedd6
SHA256

1b0f05c8997836616d9bcc376183da2ba678c92ef7e9929729f9b84662a60abd
SHA512

d434093d09b90b8ebb629b9925e629dacb3ad5357f19ed922e77dd2ab256c9c7dd179e9d194384e9d0ef2ad05fc4156ed7b28c8c7a73ba9266ac9c13d58633cd
SSDEEP

1536:iuvHUcBFLIVAk75gUuUEoUBnTp2wE8KK:7ccDLIavJp2wE4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b703dd20663eee991d7f834ed0c1734_JaffaCakes118

Files

3b703dd20663eee991d7f834ed0c1734_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ae4b86caac7841109af25524232d266

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadContext
VirtualProtect
FreeLibrary
GetCommandLineA
GetLastError
ExitThread
GetStartupInfoA

user32

PeekMessageW
PostThreadMessageA

Exports

Exports

Awxeterlsgs
Qknquyq

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA21
Size: 3KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.e4355
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ