5f1b9a406fd43de8c006f261feb36816_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f1b9a406fd43de8c006f261feb36816_JaffaCakes118
Size

100KB
MD5

5f1b9a406fd43de8c006f261feb36816
SHA1

4c5255dfe8f281a82fd785ca858247d8a5280720
SHA256

c9204a96651883c54ba91420c44a094b79e38411c1c6ebfaff70d3d4d5ce6c1e
SHA512

370d99a93163e1a398fd100d665ef60451dfc433ab9c7ab15bcf8372c054cbeba3cad766f551bf4aa0b4a26fd1c8c242ccf427c2309f90ef16644875df315fa8
SSDEEP

1536:Ojs/r5oVOIXpIEysrlMvg9f+njZGV2HCicCW1wJw+OQZ7Zf6I00CVh:OIi5/lMyGn1xvNaw6+v7Zf6DH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f1b9a406fd43de8c006f261feb36816_JaffaCakes118

Files

5f1b9a406fd43de8c006f261feb36816_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7ef5f0135610fcc1102754fac7a8cee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtYieldExecution
strncat
RtlUshortByteSwap
RtlUnicodeStringToInteger
ZwOpenMutant
RtlAllocateAndInitializeSid
RtlOemStringToUnicodeSize
isxdigit
ZwQueryInformationToken
RtlSetTimer
isxdigit
iswalpha
NtSetInformationKey
ZwReplyWaitReplyPort
ZwFlushWriteBuffer
RtlInitializeRXact
NtReadFile
_strlwr
NtAcceptConnectPort

Exports

Exports

Vopgssqucvq
Oikfipwtg

Sections

.kdata
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ