fdd795a5352e68af2a654672d5327f66_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdd795a5352e68af2a654672d5327f66_JaffaCakes118
Size

208KB
MD5

fdd795a5352e68af2a654672d5327f66
SHA1

1029bec030d12d3fdfe6b22d92aa9af72194b533
SHA256

18597e7d5e4adfadccc87d0a63886669778f92a21ec62d4d332869fbf7261d58
SHA512

4697cbbc792b7c6442d3f24c511ef954e7272068d6614a72f6cefaf664331dec848d148a8948794a68557d629c4b4978fb2d402290ffeca5bcb26dab114c5c56
SSDEEP

3072:+a8PeCR0kTvbpK/xpnqWrjZSrXND/rmcrCQFtjduiOW3i5upZ3BH/XYEm1:+PSkzbpcxBqW3P1Qd1OWyszZoE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdd795a5352e68af2a654672d5327f66_JaffaCakes118

Files

fdd795a5352e68af2a654672d5327f66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f6423857af0092e9fd2352a698774e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
IsDebuggerPresent
MoveFileWithProgressA
SetVolumeMountPointA
OpenJobObjectA
WriteConsoleInputA
IsValidLanguageGroup
VirtualAlloc
GetProcessId
CancelTimerQueueTimer
GetPrivateProfileStructA
ReadConsoleInputA
IsBadStringPtrA
DeleteTimerQueueEx
FindFirstVolumeA
AllocConsole
IsBadHugeWritePtr
GetFileInformationByHandle
GetVersionExA
GetConsoleTitleA
TransmitCommChar
GetLongPathNameA
GlobalDeleteAtom
GetFileAttributesExA
Process32First
VirtualAlloc
ResetEvent
GetConsoleWindow
GetCompressedFileSizeA
CloseHandle
LockFileEx
IsValidCodePage

tapi32

lineAddProvider

Exports

Exports

Ubcvvbiq
CreateFlxmvqb
Xxyohkn
Bksafwjyl
Xexnmlals
BeginNfdfshu

Sections

.itext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ