71f35472a4b7cdaba04218cc4c2c6187_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71f35472a4b7cdaba04218cc4c2c6187_JaffaCakes118
Size

81KB
MD5

71f35472a4b7cdaba04218cc4c2c6187
SHA1

397c4a8fdeed2a62b6b0d56a0d3df45cbff1daaf
SHA256

71b89a22cf65ba9d06ee64d8fb85468d2d3eaf8df48d183aa58d91f3d1f6a42d
SHA512

f2102f8db2a907d4027835a88c72a4390509e894e89821b136afeff3f2574fc9f2a0e0d31f1f54ea79d8906bf9e1a45e57432422324b1a22fd3e9d5e751285c9
SSDEEP

1536:UQfzFJE8WjSOYqV4V1j7g7SC/IGw1bsh9f05sPVhB5wqgIo:UQBJQ+DqGT7JCwGwZsh9sePVhPwqFo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71f35472a4b7cdaba04218cc4c2c6187_JaffaCakes118

Files

71f35472a4b7cdaba04218cc4c2c6187_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b43646fe5948e62bca4f3a9563c8ca89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ExitProcess
WriteConsoleOutputAttribute
VirtualProtect
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetUpdateRect
CloseWindowStation

Exports

Exports

Crlytfpsjbr
CreateVsipljocqm
Yupqsmlmhb
GetIytpxvufivh
BeginKefkayhgkj
Lqfhspbmwd
IsYsjcurgc
OpenVawpgvymsl
Kvjxnsouwpq
Mxtrxwcxx

Sections

.text
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rcode
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata1
Size: 66KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrd
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ