febd156d2146d8b2b626294c5e9d0e7c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

febd156d2146d8b2b626294c5e9d0e7c_JaffaCakes118
Size

118KB
MD5

febd156d2146d8b2b626294c5e9d0e7c
SHA1

2e07d134e3715e27f5b8371475d9f646a70c603c
SHA256

f7ceb0440f521f883ffa7e582ea2c6a2cc2bb89e75bfb4211ee1e54fe242c86e
SHA512

34b9a5f94cbb487ef6e5df4a69e30c6e1f72ae85099778ac04b84d1127cd975f5ffeb38b0d50b5f6f686e7dafb7c28fa406bb76f4073df757aa72a11d81d64c0
SSDEEP

1536:CmHbAiQQvcv965G8eHIyv1jhxjIxrTQdn8yRWe0k+EK3BFNKn/Fq5B+sbeu6:VMi1vM9608o19xjIoT0YWBngdA+ss

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
febd156d2146d8b2b626294c5e9d0e7c_JaffaCakes118

Files

febd156d2146d8b2b626294c5e9d0e7c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4501f0f4bcc646a898d54d563cbe3707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PostMessageA
IsChild

Exports

Exports

Mgwamhn
InitSgeqvpcn

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enewdat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ