447690c9f3db158e1185c8d876731629_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

447690c9f3db158e1185c8d876731629_JaffaCakes118
Size

3.8MB
MD5

447690c9f3db158e1185c8d876731629
SHA1

d3dfc88b51ce8f698976f5e6c70a1caa556d39fa
SHA256

eb442b30ecdd1c58c985e65ab96220112e3ae43a7133a9c4affdfef60713766a
SHA512

72e2f205288e978bba430cbf3edfa45834784f80e786c7bfe8dc5a0dc53a35e10d06ea266338375e43b5364276d29a539f901a00e901dc63f265873d1b433b0c
SSDEEP

98304:VJPCLWUzTSEj/2gabTNLKAfwqj/d3JCm00629/OclG+13xdl8eLPSM:/MWKj/udLXwqpji29Hx9zLP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447690c9f3db158e1185c8d876731629_JaffaCakes118

Files

447690c9f3db158e1185c8d876731629_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6be127b9fbf7951375d41679b72ca1e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetErrorMode
GetWindowsDirectoryA
SetCurrentDirectoryA
VirtualProtect
ExitProcess

user32

GetWindowModuleFileNameA
GetClassLongA

Exports

Exports

CreateYiwdrhkrq
InitEpnkpxf

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.secdata
Size: 800B - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsec
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ