bb8b65e06b1827bd6884fd9cb585d174_JaffaCakes118 | Triage

Sharing

General

Target

bb8b65e06b1827bd6884fd9cb585d174_JaffaCakes118
Size

76KB
MD5

bb8b65e06b1827bd6884fd9cb585d174
SHA1

ec12a6c780f8b188206d037c2b4d45ccde0eef34
SHA256

1abad9f6963d24812a00bffe22151680021f4e73521d8372b72e41dd10c4a14f
SHA512

50410a03d40f9dd95755a71062d382c3975cdb353d1a3147c9862aacf718d784127c356105805f2e25827eaba262af9522944b91591023c553331dd0fc574089
SSDEEP

1536:u/MnQlyS4cdSBaL33VkaSaKJMb1o0JxVMzJhtuXHdLzdpaOyYXoX:4MWSBaL33SaL1d/aTUtLhVF2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb8b65e06b1827bd6884fd9cb585d174_JaffaCakes118

Files

bb8b65e06b1827bd6884fd9cb585d174_JaffaCakes118
.exe windows:4 windows x86 arch:x86

110538341ff7fa811c3e2492a0bb962d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
ReplaceFileA
VirtualProtectEx
ExitProcess

user32

CharUpperA
CheckMenuItem
EmptyClipboard
DeferWindowPos

Exports

Exports

IsAdvrsrgdew
CloseBbtqyxua
InitLacqdtqkhlm
Dowtcbmwp

Sections

.itext
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrt2l1
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrt1l1
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ