5a203d6e8e8516ea25daa95de193e570_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a203d6e8e8516ea25daa95de193e570_JaffaCakes118
Size

96KB
MD5

5a203d6e8e8516ea25daa95de193e570
SHA1

7c4391788b4a1271158413b08607d2657bcd9141
SHA256

a997bf1f853a4341a9522c5311e65f860da55598fd339ce99fb44cad4fdd8bea
SHA512

a95c87a744b2dc8490ca510c4b81a8dfb3a95fdc51e9231e001783097113a0d27b531b52169607483290e39a2fdc93bcea935d07e408b1968e8c2daf315091ee
SSDEEP

1536:68o8/iIPUFeNfiAjPPKuYqbJNlxa6ArwLndYkU0WEjChT6tjB9rsgpB7trZz:6FIPUFQdLzokLnVtsTKBBsgppttz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a203d6e8e8516ea25daa95de193e570_JaffaCakes118

Files

5a203d6e8e8516ea25daa95de193e570_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f2d562a36baf25f4002f0d8f53b736d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
DeleteVolumeMountPointA
GetVolumePathNameA
GetVolumeNameForVolumeMountPointA
DefineDosDeviceA
VirtualAlloc

gdi32

ChoosePixelFormat
GetDeviceCaps

dhcpsapi

DhcpDeleteServer

Exports

Exports

AddUbgpmsku
ReadSirituf
WriteDhfdhxp
AddWygeburlbu
GetGtxbyhnhpnk
GetPtciinualq
Sttwggj
Gaqjivk
Kfbljdjajjv
Kxbfxwdxit
Fchiced
Iahfbocn

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE