bf618bed2017d72cd614b9db2f00d449_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf618bed2017d72cd614b9db2f00d449_JaffaCakes118
Size

315KB
MD5

bf618bed2017d72cd614b9db2f00d449
SHA1

9ae8ac781e09fca9729e22e0c904aec0fa3372f4
SHA256

46559d527f5212f09ec34a30e8f4b09b1ea8cb88411e1c455b883cc63ef5e8aa
SHA512

034a34279b280c93bb5aed0cd38d492d9f0040d8fe8ed86bebc3be5ac90410872a0c2de83993e79886aa52041a5a5b094a7b1bd80485180219324c355fd52686
SSDEEP

6144:wInKZ+iGRnum3nRDqbtHfyncZk0fyeiVCsX6sc26ZpZXvZNWZ7CIW0Ra:HnKZxbmhDaZKnci0f5iHX6sc26ZPfZUO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf618bed2017d72cd614b9db2f00d449_JaffaCakes118

Files

bf618bed2017d72cd614b9db2f00d449_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f726bd7f1f33fe7f5b219a2a5b49f3c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CreateNamedPipeA
GetProcAddress

Exports

Exports

dteqnpkl
sxtyfmfvx
zkzrgadzjozdt

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ