76b8fcef1226aeb77c797c20f14138ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76b8fcef1226aeb77c797c20f14138ae_JaffaCakes118
Size

265KB
MD5

76b8fcef1226aeb77c797c20f14138ae
SHA1

29d12fe7338f1041ffad9d98960f8a781fdcd4b5
SHA256

e281cc1888fed63f0aeb76cf9dc8d3f531b2e6f6779e755343653b0839ba9803
SHA512

2a7f3405323705d22edea41fb5059f411673f079590a33734dec76daf02088d7566493ad518b821ac13b1e6c4bb0dd398077a52ec1a05330412ebcd4c8e51d9c
SSDEEP

3072:NituH5VaqFIh0FJNGri4riSzqoFhvwJLIb4J1XPiW17yi:QuZ4Aarv4Gb4LPD1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76b8fcef1226aeb77c797c20f14138ae_JaffaCakes118

Files

76b8fcef1226aeb77c797c20f14138ae_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd72a380d9177330cfa792efb651b289

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AssignProcessToJobObject
WriteConsoleInputW
LoadLibraryA
LockFile
RtlMoveMemory
CreateNamedPipeW
GetProcAddress

user32

MapVirtualKeyW
AnimateWindow
RedrawWindow

gdi32

GetCurrentPositionEx
CreateCompatibleDC

Exports

Exports

grldgpespibzux
iswxhqda
mgsgcvywanizy

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ