5cf69c70f738c418c4a9a32bd278caa1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cf69c70f738c418c4a9a32bd278caa1_JaffaCakes118
Size

65KB
MD5

5cf69c70f738c418c4a9a32bd278caa1
SHA1

5157b5c5f4b5b382a89641267a781c58ed777c14
SHA256

89bfd8c74e2d1a7901621e7a101bb5c2f0d52ab0e6c1549e47eb2bba158b613a
SHA512

50e303ca3b04811b72540281147cd67082ebd040d9bb5e7bf645308816babd189b9956944955f40657661f281e19a1593349ed34f6a14ef164875e658a8f3b87
SSDEEP

1536:NpWPcfFYEjyyTuCatKH3u3iMA0Y3o6/fbi8khtaeMjFyS:UwFY2yyTpe3iZ3Z2fKjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cf69c70f738c418c4a9a32bd278caa1_JaffaCakes118

Files

5cf69c70f738c418c4a9a32bd278caa1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb4d6425ae8e0ec4cd4b9ca1d2689d7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
DeleteTimerQueueEx
Heap32First
VirtualQuery
EnumTimeFormatsW
OpenMutexA
ConsoleMenuControl
GetProfileStringA
BaseThreadStartThunk
VirtualQuery
InterlockedCompareExchange
LocalFlags
IsBadWritePtr
WritePrivateProfileStructW
GlobalAlloc
GetConsoleAliasesLengthW
FatalAppExitA
CreateDirectoryW
CreateMailslotA
SetThreadContext
FindAtomW
OpenEventA
GetCommandLineA
ExitProcess
GetStartupInfoA

Exports

Exports

Bxfdysrwrmp

Sections

.code
Size: 4KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ