bd9946ed856676eddb05d77356eaa95a_JaffaCakes118 | Triage

Sharing

General

Target

bd9946ed856676eddb05d77356eaa95a_JaffaCakes118
Size

76KB
MD5

bd9946ed856676eddb05d77356eaa95a
SHA1

3233ca907b58a27ad653a59398863d554d14519a
SHA256

7c2c448ceb2fab09e5c011410319472a58cb6030dbeefd08d5acf9470d86d59c
SHA512

65288cbdc990830ea1eddd37f968790c631ba2af6f888ba3c488c2d2ec720e1781918f46a6284c81e7d8000bed53f4d09118ecf76feed8f8453c7a4d6ccfd142
SSDEEP

1536:vA8AKzN8mQX77t8/sUsluPf32tx8H26habOC:ooN8mQX77GF332i2cC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd9946ed856676eddb05d77356eaa95a_JaffaCakes118

Files

bd9946ed856676eddb05d77356eaa95a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49d9dff4cda47db05b18499fcbf60225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
GetProcAddress
VirtualProtect
LoadLibraryA
lstrcmpiA
IsBadReadPtr
VirtualAlloc
CreateThread

user32

SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
KillTimer
SetTimer
DefWindowProcA

Exports

Exports

fgdfgddfgffg
sfgdfggtbfdb
start

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ