6204ef61bf35e71a0284cae150be48b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6204ef61bf35e71a0284cae150be48b0_JaffaCakes118
Size

81KB
MD5

6204ef61bf35e71a0284cae150be48b0
SHA1

40b009bd26f7b21b2c4dd90bdeb1d0e7659ff1f6
SHA256

1f63b24ab4495402e811c28d670339b7ebca0df1a18dee0f0b0c635b44813440
SHA512

c0680055ee34500c078cb907f595b28ee145cd4b76651cf7e8dd23e4701b467031de9056520ba24d315f95ae6cae2dd481e091ce66dc2ecaf842042b679b428d
SSDEEP

1536:4XkiyNCLRrs3voYstf1q31G8opbp1a/aoXTBtRP8c:6dsxjGTF1aTXTB3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6204ef61bf35e71a0284cae150be48b0_JaffaCakes118

Files

6204ef61bf35e71a0284cae150be48b0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f388df61528ef8badfa16ea006e67c4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ExitProcess
WriteConsoleOutputAttribute
VirtualProtect
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetUpdateRect
SetProcessWindowStation

Exports

Exports

BeginYmfjbhlvlg
InitJqhbtpgpxrq
CreateEqxvogpblo
ReadQrbnhqa
Uemalur
InitTceodsmxy
BeginNyipxytfbvd

Sections

.text
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rcode
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata1
Size: 66KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrd
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ