49aa4b4bdc7e9dde7020b5c9274c2475_JaffaCakes118 | Triage

Sharing

General

Target

49aa4b4bdc7e9dde7020b5c9274c2475_JaffaCakes118
Size

115KB
MD5

49aa4b4bdc7e9dde7020b5c9274c2475
SHA1

5c2408c6937db146be27a35b661e491407931fe1
SHA256

c8a53a886ad0fb1abac1567704456c7c38a50a60c48cdb6ad4a02ed9312f171e
SHA512

707cd76a58ece1e182fec5f1dc44c770b1a8c911dfc3da5be6d1a938b2204e6b42ad508a7e70f83bdb59439d60b5efb639d5b758fa22ae9d4e9a01cb6f828c58
SSDEEP

1536:I2fL1rs4xrZ74f3o2cXL0B83iO4saQu8JWzvSZiNLD3H7LexplITfPNdrlH:h9s4xe/J2VDz1ZiNL8jmPNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49aa4b4bdc7e9dde7020b5c9274c2475_JaffaCakes118

Files

49aa4b4bdc7e9dde7020b5c9274c2475_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d3d42a483cfde2d3301aa1261792f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

HeapAlloc
ReadConsoleOutputCharacterA
HeapFree
CancelTimerQueueTimer
VirtualAlloc
CallNamedPipeA
ReadConsoleA
HeapLock
HeapSize
GetPrivateProfileIntA
GetVolumeNameForVolumeMountPointA
ReadFile
HeapUnlock
GetCPInfo

comctl32

DrawInsert

Exports

Exports

IsWavdtbrnyok
CloseGyfyxik
Ormfducl
CreateSetxrgq
Ykijqhc
CreateThasjqo
InitTxmskei
Lffgcyaa
WriteHdnqcrou
Arkmktiubn

Sections

.itext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ