743c99c9e81bf04d4600748e6a929fc1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

743c99c9e81bf04d4600748e6a929fc1_JaffaCakes118
Size

28KB
MD5

743c99c9e81bf04d4600748e6a929fc1
SHA1

defbea4a6e8ed0822338df5dfbb184b079b11dc2
SHA256

451d326b0dfb8cb9e3e523e7108f40bd2083f854969c0a6a895f088aa09e41a5
SHA512

3740b8b07af73cd4f91d31a807e759ca74977ac6df1451b98018daf1aa04c3102eb47ccafb552bdcc72555bc7602f6cca1e720226818abdc89aec85321c6fb40
SSDEEP

768:/7HHiJYa8oj4GxDLFJ/EKeI4LfBXFnWki/i9t2:zc8oZ/II2dWdi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
743c99c9e81bf04d4600748e6a929fc1_JaffaCakes118

Files

743c99c9e81bf04d4600748e6a929fc1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6df819061151a980927de863240119e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlDefaultNpAcl
RtlAllocateHandle
RtlValidRelativeSecurityDescriptor
RtlFormatCurrentUserKeyPath
RtlAddCompoundAce
RtlSetTimer
ZwCreateIoCompletion
NtQuerySystemEnvironmentValue
NtDeviceIoControlFile
ZwQueryInstallUILanguage
RtlEqualLuid
NtQueryTimerResolution
RtlpNtQueryValueKey
RtlDecompressBuffer
DbgUiConnectToDbg

Exports

Exports

CreateGsmljslm
IsPxfmsicuyqc

Sections

.nk90
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ