491dbbb59e34b88a3622d0becde7d167_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

491dbbb59e34b88a3622d0becde7d167_JaffaCakes118
Size

69KB
MD5

491dbbb59e34b88a3622d0becde7d167
SHA1

8fc20339583d7e0abda9b5f8c3d1b2f7aa45ba3b
SHA256

ce9ccee80c589d630ac942f285d4dafbb920587eb87d68aedaceed03bd71cd2d
SHA512

e2afdabecd63ededc0db594b87f474ce2e2db3f397f76b60f4eeb4028a9b9a7879eec0bbed8ee335af07982bc121a8aca65a0a3cb734dead7dc190d5c1447f5d
SSDEEP

1536:c3F1zCG39sh69exxyGrVFteEwxdepEDY5/ZDRPI+TBFrUU:Fk9fexxTFtlge17TBFrUU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491dbbb59e34b88a3622d0becde7d167_JaffaCakes118

Files

491dbbb59e34b88a3622d0becde7d167_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab50eafbfbbbb90f909be9df4fb737c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
LCMapStringA
GetDiskFreeSpaceW
VirtualFree
GetTickCount
IsBadHugeWritePtr
VDMConsoleOperation
GetNumberFormatA
ExpungeConsoleCommandHistoryW
CompareStringA
WaitForMultipleObjects
ReadConsoleOutputW
GlobalWire
OpenProfileUserMapping
WriteProfileSectionA
ShowConsoleCursor
LockResource
GetCommandLineA
ExitProcess
GetStartupInfoA

Exports

Exports

Aqlynbtyauj
Xmfqsoex
Tqjdwhjm

Sections

.text
Size: 5KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE