8de78ba3651c7aa8ea2c2e66f2db3a3f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8de78ba3651c7aa8ea2c2e66f2db3a3f_JaffaCakes118
Size

76KB
MD5

8de78ba3651c7aa8ea2c2e66f2db3a3f
SHA1

296db48bf71e1cd0e239bc8c97a1942aca02c8f5
SHA256

9edb99085cc3f2c22cdfb9a4dbb157d96c6b2164313f4b0ae04f8fbecd455be7
SHA512

a9147243e9066615433d4620121575a971535e21ca8de6607c8684c8dc24cbf5e575a59415598c9ebb7d3c83306e9a74c046999fd75175fb3c7b13a83433d9ca
SSDEEP

768:k/1UENbZOXDaF0d0mq9PqJbA/sqdHOfOwpNHXq9vhBaWyWTgq:zuMBIDta3q9vhBakT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8de78ba3651c7aa8ea2c2e66f2db3a3f_JaffaCakes118

Files

8de78ba3651c7aa8ea2c2e66f2db3a3f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

501b6d62690b5d31e744f257431f492b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
LoadLibraryA
GetProcAddress
lstrcmpiA
VirtualProtect
IsBadReadPtr
VirtualAlloc
CreateThread
GetModuleHandleA

user32

SendMessageA
KillTimer
DefWindowProcA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Exports

Exports

fgdfgdfg
gtbfdb
start

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ