abbf80d1dd86e2034e0499e6b40e0d8c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abbf80d1dd86e2034e0499e6b40e0d8c_JaffaCakes118
Size

4.0MB
MD5

abbf80d1dd86e2034e0499e6b40e0d8c
SHA1

a7af75afb751ab122215ebbed3191a1655ed6228
SHA256

d295c2c062dd7045ba1db8acc9bd148a730021bea35e360c1cb69142e83c9707
SHA512

b5457a2f3902269c77278f51a999420d1167c21f1cd81820ad0152c726c439ea0a2c902ae7e5b72d4c32dcb763591e529b83b8cbc00de7ce2054f0475a444d49
SSDEEP

49152:fyz2UmY6rNJnB6BFqglqR2Qq0JKbqzQ89oNYpOZxhovtmL+hwtr1G/IFk0pbh4b7:fyzQXrF6BFzl+vKKO4uy8YwtrO1jjn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abbf80d1dd86e2034e0499e6b40e0d8c_JaffaCakes118

Files

abbf80d1dd86e2034e0499e6b40e0d8c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fca8598cac59d204eac0ccfe8c587340

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ReadConsoleOutputA
GetExitCodeThread
LocalAlloc
LocalAlloc
GetNamedPipeHandleStateA
OpenJobObjectA
ReadConsoleA
Heap32Next
GetSystemDirectoryA
GetLastError
GetConsoleAliasExesLengthA
CreateFileMappingA
GetProcessTimes
QueryInformationJobObject

user32

GetGuiResources
DrawMenuBar
ScrollChildren
GetParent
DlgDirListComboBoxA
CreateDialogParamA
TranslateAcceleratorA
LoadBitmapA
AppendMenuA
PostThreadMessageA
MessageBoxTimeoutA
CascadeChildWindows
TranslateMDISysAccel
PostThreadMessageW

Exports

Exports

Cslikuhny
SetPrebhrqmwiu
Duqpwghe
Pcdpcjae
Hjglxsjsub
AddCoyknfcct
Ggmeskvt
ReadEmamceidc
Pmejxjgxfj
Rismdnw
WriteSpyonpg
Loqxxrwyjta
Wgiikua
Giabnfua
Deberae
Pypbmmhqpi
Fppylwow
Vbsuwojbo
CreateRgbwpqmyn
Vjesybv

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ