4534524f1c1f6735440afc3cfdb2523d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4534524f1c1f6735440afc3cfdb2523d_JaffaCakes118
Size

667KB
MD5

4534524f1c1f6735440afc3cfdb2523d
SHA1

7f36ca4e1f65dbd5ddc215b361cc0ed4a733c67d
SHA256

f46dfe2c79231042b88b6e5c3b61bd3948d5fa7aa5083ecb946f417f1981dce4
SHA512

6f08c93c6c85323d25272136c229f7d991092d539cbce53afc80a498d331049e1f135f4fc09e831ca36f5fd375694fb061b474f6a7fc3a5add1dba6556e230cc
SSDEEP

12288:X3F+8jp9c2dpQToxxu4jzbP0219hM6hV+7uYeCnwNSDily6tX:Hxj9dCToCIbMu+gV+7uYeCn6ailX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4534524f1c1f6735440afc3cfdb2523d_JaffaCakes118

Files

4534524f1c1f6735440afc3cfdb2523d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

974c7c7d388ee407f4bc8c164be694cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
OpenFileMappingA
ExitProcess
GetCommModemStatus
UnlockFile
ExitThread
VirtualProtect
WriteConsoleOutputAttribute

user32

SendNotifyMessageA
SetSystemCursor
ChildWindowFromPointEx
CascadeChildWindows

Exports

Exports

CloseMjyrjhed
Rsupvicbsri
ReadEnievar
Oouhejkek
AddSvjdlpvar
Moidccn
Etwtjwqim
IsXhfhroot
Rbpxcsp
BeginYykdqfmrnfo
CreateShykrgag
Ihsdexydq
Opqilewquar
WriteElgvjsksvo
Wsbqfsai
Ayqvooab
Mbnfadpo
GetGdnqths
Projujjhj
Mhndjngi

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE