b50feda8e4e98e6fd27a788a3bef36e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b50feda8e4e98e6fd27a788a3bef36e3_JaffaCakes118
Size

30KB
MD5

b50feda8e4e98e6fd27a788a3bef36e3
SHA1

8b29ec62763b8cfc85d3a0031fa07b7a94392f52
SHA256

1516c5c9b398ec94eabda8d18613693f835cbf98c555351d9a5ffaa3c98bd303
SHA512

4c59678d3ae3f50a0df9eeffa8a4b83b3b6e0752a653be9fa20ad0d31f4c0951a12a8359cf1df8230ec343eb91dbfb7addde0825b4d75e52ded9de5644610727
SSDEEP

768:X8NKYtpHGL/qQmGIkzzVv7RoAGoAkr0r:CtpHGL/qLGIknHQkr0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b50feda8e4e98e6fd27a788a3bef36e3_JaffaCakes118

Files

b50feda8e4e98e6fd27a788a3bef36e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5b49041ea7fb78f1b8d6b039c735c6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PrepareTape
GlobalDeleteAtom
UnregisterWaitEx
GetVolumeNameForVolumeMountPointA
LZSeek
VirtualAllocEx
DebugBreak
GetFileAttributesA
GlobalFlags
FindFirstVolumeA
ExitProcess
lstrlenA
HeapAlloc
OpenEventA

Exports

Exports

Yjqhbtpg
Rqhjneqxvo
CloseBloqhaq
Nhqalouu
EndAlurhlwtc
EndDsmxyvfynyi
Ytfbvdmgpu
Jxvmghh
InitXygxclcun
Pmuipkfc
WriteJixqfan
Epxidxgx
WriteMsxsvxvoob
SetFvtssuf
Cgnpwpw
ReadLinanhrmui
Sjymgankb
Pknommjbjx
OpenPxkkkeilsy
AddNdmevggji

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ