697f42c301f2430c1db6a92718d5fa03_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

697f42c301f2430c1db6a92718d5fa03_JaffaCakes118
Size

81KB
MD5

697f42c301f2430c1db6a92718d5fa03
SHA1

25e682de7c936ead88e9e329e817a73a500017fa
SHA256

40cfbfaab0047b9f080111a96b52da81c313460fc8d6923972ba5aba80db9b3e
SHA512

d94eea13a687997d6a2018128836e990285aa920e424a51016b12c7b1c13be45095acdabb09ee3fca30a37a28edcb272b8ed7866f9b74ffbc695a0c271d46d87
SSDEEP

1536:YvSv/zJidDp64UbVjYNEP1wpikRDHIPIQPUUwQYvcLjDJEsZPHE/H6RFOhT:/nzJsDpGlYNEdeikR8P5PUUwVvcLREaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
697f42c301f2430c1db6a92718d5fa03_JaffaCakes118

Files

697f42c301f2430c1db6a92718d5fa03_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f388df61528ef8badfa16ea006e67c4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ExitProcess
WriteConsoleOutputAttribute
VirtualProtect
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetUpdateRect
SetProcessWindowStation

Exports

Exports

InitVejwxli
Iafdehwau
CloseDtdubwsxdhi
SetUpxgmox
Vmyojnvrc
Rqhyqmji
AddViuppetrcj

Sections

.text
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rcode
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata1
Size: 66KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrd
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ