7706aa05a3bf707ae4b0efa3ab37a5ca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7706aa05a3bf707ae4b0efa3ab37a5ca_JaffaCakes118
Size

146KB
MD5

7706aa05a3bf707ae4b0efa3ab37a5ca
SHA1

cde4e41ce01c547e6059cf2dd9b11ed0e95acde0
SHA256

5c3c29ecc0453c2a43f7e1ea8c036745ad0d6111299bc5acd4fba72709b2f5f6
SHA512

3b79016d83798d9d93754b2577fbfdd971fa7a545c940b4aedd23b54b6931c48803b5135c55e821735c1eabfeac1fbd445e1ae2334d46a6374c572ad1e8a0171
SSDEEP

3072:StBYtxh0xb2dyuhwtumnJDf3jYcjIqh75z8Yjsh:hV0xmJwtjdPjh115

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7706aa05a3bf707ae4b0efa3ab37a5ca_JaffaCakes118

Files

7706aa05a3bf707ae4b0efa3ab37a5ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c764ede5330c1165262cf024f1fe0c4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
TransmitCommChar
GetStartupInfoA
GetLocaleInfoA
GetFileType
WritePrivateProfileStringA
ExitProcess
SetCurrentDirectoryA
GetCommandLineA
DeleteAtom

rpcrt4

RpcStringBindingComposeA
RpcStringFreeA
RpcBindingToStringBindingA

netapi32

DsGetDcNameA
DsGetDcNextA

ole32

ProgIDFromCLSID
CoTaskMemFree
CoGetMalloc
StringFromCLSID

Exports

Exports

WriteKqhmhvt
WriteGvnoyvfbjck
WriteVlqhvgnbfk
Lqbboekn
Vwfbkquwxft
Jbtrpklkd

Sections

.text
Size: 11KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ