785ce6bcca759f03b2928c8f1695317c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

785ce6bcca759f03b2928c8f1695317c_JaffaCakes118
Size

79KB
MD5

785ce6bcca759f03b2928c8f1695317c
SHA1

e9a1074afd4b0962ef1e8731466f90f7fa5adf1f
SHA256

efb3b6e2542fc8b960c219abf434e853622e296c454beadd06db1f8730021519
SHA512

92dc7fc9a395d97d12eaf2a01e0361d129ab0b31ea13bed7095b176efc140cb8f5eea0884eb2397c91ff4fb5b36cfec23c8a9b9f25dea1c8e6de8fe74d511617
SSDEEP

1536:f/m4SNZoVdBvVFYH6LiBnTcjm5PHIpFjphdFeP9XSk6:f/3wZ6dfaygcjE2FjpMP1Sk6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
785ce6bcca759f03b2928c8f1695317c_JaffaCakes118

Files

785ce6bcca759f03b2928c8f1695317c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b68b8e710417ef3460cdb819bee7cf2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ReadFile
ReadConsoleOutputCharacterW
VirtualProtectEx
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

UpdateWindow
SetWindowTextW

Exports

Exports

SetAdscmcerm
EndDoeyydnw
Khxxpyns
Fldaduejn

Sections

.text
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata1
Size: 66KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrd
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ