e9d59aa2045579a75b67faf6c46a90d6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9d59aa2045579a75b67faf6c46a90d6_JaffaCakes118
Size

26KB
MD5

e9d59aa2045579a75b67faf6c46a90d6
SHA1

c246f0e5cbd9031bc421172f7a054e1eb2400476
SHA256

264798635d628918e494884f199169a8a0393df5f57b5928f5d3eab040ffa10f
SHA512

ccfd741e3c972766b609e062b67528d8b2e6394ffb07eac367bca4ac1b24daf454f246e44e908278b6e68896e5a2db3420a6302901b2cad111756b3e64c75e7a
SSDEEP

768:K+vvE0Bs7cYhiFw8ih4jSFcVH7564/uT:KmEcf2ph4jSSHl64/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9d59aa2045579a75b67faf6c46a90d6_JaffaCakes118

Files

e9d59aa2045579a75b67faf6c46a90d6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f4bb95a2ed29767e199a8a83e34ea89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW

user32

FindWindowW
PostMessageW

shell32

SHLoadInProc

Sections

_kelly_
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ