5ae85443b1ac6af96f83a3e01f96a015_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ae85443b1ac6af96f83a3e01f96a015_JaffaCakes118
Size

81KB
MD5

5ae85443b1ac6af96f83a3e01f96a015
SHA1

5e682aecf3ce6920ebd07843737cae1c1e2c2e47
SHA256

5cc94bb7dbea294910cd8ed645ec8865f0b60796e8fdfbf38d2eee6234f4dacb
SHA512

fc201414bdd691933b80f7d7a2fd440ad589c8ce000b276096ee3b605ad2fdeb5ef033fabb3b4e5dbbf8fead48a7590db997bf738c6e5fb680d4092f774fd817
SSDEEP

1536:8Uy2qWZe9tE6dmdn9B9/qmEonV7y9SeoPJHJbsdL:stLdmrr/qmLV7yUP7QZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae85443b1ac6af96f83a3e01f96a015_JaffaCakes118

Files

5ae85443b1ac6af96f83a3e01f96a015_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b43646fe5948e62bca4f3a9563c8ca89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
ExitProcess
WriteConsoleOutputAttribute
VirtualProtect
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetUpdateRect
CloseWindowStation

Exports

Exports

Jiqwmxow
IsUtxrjhgux
ReadBgwobfvct
AddHkxnwujegtv
Pwjkmou
Pvgsjkkksp
Ctomradm
BeginFytkfbgwv

Sections

.text
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rcode
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata1
Size: 66KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrd
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ