a6e4f9cb80686f2a0919c389aa6e3974_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6e4f9cb80686f2a0919c389aa6e3974_JaffaCakes118
Size

52KB
MD5

a6e4f9cb80686f2a0919c389aa6e3974
SHA1

f52842d01e973de326adca858d4b3c7e7f5ad38a
SHA256

91525c52e9ab9ed9930ec5e8f7622953a4ab8b3f16fa279b59ceb36099f9598f
SHA512

b4255f196510c97e855d6802ef2a4345e46d16edc3ad7894f89b141a01be1e9ab1f1478f182e4a15d179edec916826429d56b3eada7d8c4780c4b7ce99ea5bdd
SSDEEP

768:bxPS9iCmz8K9nbf0rW/shRKVSjaFZbDvhHuJLg3WdOuq:bdS9o8K9nIgqQowDhegmAuq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6e4f9cb80686f2a0919c389aa6e3974_JaffaCakes118

Files

a6e4f9cb80686f2a0919c389aa6e3974_JaffaCakes118
.exe windows:4 windows x86 arch:x86

587c2654b776cae2081ecd78f93f048d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
LoadLibraryA
IsBadReadPtr
GetProcessHeap
GetModuleHandleA
GetStartupInfoA
HeapAlloc
GetProcAddress
ExitProcess
lstrcmpiA
DeleteFiber

user32

MapVirtualKeyW

gdi32

OffsetClipRgn
EndPath

advapi32

GetServiceDisplayNameA

msvcrt

_chkesp
free
memcpy
memset
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
malloc

Exports

Exports

blccig
jzqfwaf
oumbybv

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE