749d97dd59450b1a4147e34968bcf680_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

749d97dd59450b1a4147e34968bcf680_JaffaCakes118
Size

58KB
MD5

749d97dd59450b1a4147e34968bcf680
SHA1

00d6d439f5a9ca292e09adafce496f869f6315b2
SHA256

18495a3d0ce6453310f7305190418abbdc866cb056818a1d77478c85777b2bc9
SHA512

4e9fb393ca080322f78cfebb9d40a1419e92b8cdd7fa96c159077af4f6a2326a707fcb7b21c36cc45816c11e66576fb07d195efe8a6d6dd4d0e3096674d3143b
SSDEEP

1536:YamzS3WWecr/3iW+dMe+K61SeU+1Ds6J3OOPA/Zwj:szwWXcrvinMeIOgFJefRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
749d97dd59450b1a4147e34968bcf680_JaffaCakes118

Files

749d97dd59450b1a4147e34968bcf680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4501f0f4bcc646a898d54d563cbe3707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PostMessageA
IsChild

Exports

Exports

Uyfygfxa
GetThxbeybdhcw

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enill
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ