46e3f7143d8c6bb82cf290ca4d45b08b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46e3f7143d8c6bb82cf290ca4d45b08b_JaffaCakes118
Size

68KB
MD5

46e3f7143d8c6bb82cf290ca4d45b08b
SHA1

3bdf2f2481af9c5890dd48629530b6c073d47f9a
SHA256

034edb92f2c652a9dc794c1537f09bf20ef379b5a953edfeeced09d4b7def703
SHA512

98d89bb3d78c0783ab0d717bf9f97a2d5df28707644e14362491583df91b537235f9e2485930cd163d26af43df83a81ad7339215876948a538092b9be70b1968
SSDEEP

1536:/Wk5fOm5apW5HkvScNX8I9DqzvjbfUQE8RMrGHsJFK:/Wk5fn5apW5kvScJ8I9OzvfUJMMrGMJo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46e3f7143d8c6bb82cf290ca4d45b08b_JaffaCakes118

Files

46e3f7143d8c6bb82cf290ca4d45b08b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce15cce02a70e15b439ef5f29246e3d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlDeleteCriticalSection
ZwCancelTimer
ZwIsSystemResumeAutomatic
RtlDelete
RtlpNtQueryValueKey

Exports

Exports

EndMtmxeycgjhv
Askhgauok
Aaxdewwav
Owvpobbh

Sections

.text
Size: 4KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ