a8b288519e0d93956888d1f1188774f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8b288519e0d93956888d1f1188774f3_JaffaCakes118
Size

74KB
MD5

a8b288519e0d93956888d1f1188774f3
SHA1

4c6ad1e5859f32168a3f7197ca67e4d8862f8584
SHA256

f8f39429eeb23f18f1061f93f8c4f0d708ef9c8a44bc09154cc9591fddf1760c
SHA512

d3d1aea7e6d959570de66c2bf510c49209f5d7749e4fc09cb482dc1fec1a962f6d1359809c6e3c6107148c566bc213741023c1e52d173bb17246f4b252a877e4
SSDEEP

1536:oV4gRK1IvnJqqMgihPR69IlaSrxN4cdFTG6Uja7hIZ8McqqJ:e4ggfjR6YNn4Pja72Z1FU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b288519e0d93956888d1f1188774f3_JaffaCakes118

Files

a8b288519e0d93956888d1f1188774f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6af582334aa27ac485cbffcd80b58d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateThread
ExitProcess
IsBadReadPtr
GetProcAddress
lstrcmpiA
LoadLibraryA
VirtualProtect
VirtualAlloc

user32

SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SetTimer
DefWindowProcA

Exports

Exports

fgdfgddfgffg
sfgdfggtbfdb
start

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ