fe8da35959cc1a748e7433bc6e7612dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe8da35959cc1a748e7433bc6e7612dd_JaffaCakes118
Size

56KB
MD5

fe8da35959cc1a748e7433bc6e7612dd
SHA1

cb1620955398028a4e9090f1b097c233ead53fa6
SHA256

4b54ecc216cf6ef80c1315084d366c39541d86e482ba705e6b1ca58ecee7b69e
SHA512

5b742c9daef54747049d3934901f98c5fd44e6ea7b0961d4c4adcd0d36b9f742a6f606f5f22469300a8a84ab1fb80f0b5e4525981d73753dd5ce978c883a357a
SSDEEP

768:0k0AhvU0Ps/7kLQZTqFVHq+nVT8l1XnOXuqB0fXK1h2MzNBOPb:0SUj9sTTx8r3OXuQyPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe8da35959cc1a748e7433bc6e7612dd_JaffaCakes118

Files

fe8da35959cc1a748e7433bc6e7612dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4fc7ad79077feb156ae7887228b4df7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
HeapAlloc
GetProcessHeap
VirtualAlloc
ExitProcess
IsBadReadPtr
GetModuleHandleA
GetStartupInfoA
GetProcAddress
GetDateFormatA
GetEnvironmentVariableA
GetStringTypeW
LoadLibraryA
AttachConsole

user32

GetMenuState
TrackPopupMenuEx
GetAsyncKeyState

gdi32

GetMetaRgn
CreateFontW
EnumObjects
EndPath
GetTextCharsetInfo

msvcrt

_initterm
free
memcpy
malloc
memset
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_chkesp
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Exports

Exports

dlmllez
ivgverk
nofdogz

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE