75aaf140ded666543b99397aec0f88d1_JaffaCakes118 | Triage

Sharing

General

Target

75aaf140ded666543b99397aec0f88d1_JaffaCakes118
Size

39KB
MD5

75aaf140ded666543b99397aec0f88d1
SHA1

77a72fd9b68fb1330a5bdff03b4a7c04df23439d
SHA256

53a8bc70576a31e4cbe4fad374bff05501e46aeed61bf62678b916f754aac453
SHA512

c937689a78cc4142177364a48dec7cf733f4a079c48bd92809442c0a3d6491e059e5194855672ed55677251944a6913cbf183fc79aac6428d3c26c646023df35
SSDEEP

768:DMYTis0/hw/fFV/AuLmdi3TOGvvPQOYVCy0k1HVaAczdEjkQsO:DdTipZsdHLmdWXPQOZqHVaVz+jkQs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75aaf140ded666543b99397aec0f88d1_JaffaCakes118

Files

75aaf140ded666543b99397aec0f88d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50658c7ffabb0bc40fcc404a9fc4b6fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlUnicodeToCustomCPN
NtWaitLowEventPair
ZwOpenThread
PfxRemovePrefix
RtlStartRXact
RtlAnsiStringToUnicodeString

Exports

Exports

Ecudoxfp
Guooagqjlrj
Mkvpfgveuo

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 30KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ