07a24a4688982a967eb1b256f4c9a019_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07a24a4688982a967eb1b256f4c9a019_JaffaCakes118
Size

167KB
MD5

07a24a4688982a967eb1b256f4c9a019
SHA1

ae22728843fa5f4decf537350939d5351f02a2e3
SHA256

f5d552169316f7e6722e8596a3e5b3b28852afba6ca866dcedca8c3e1d056fe9
SHA512

928fb37d9e484c029ef6c23c36b5b253d234cc0ba5f29325c4b50b1953422d3ad2762056f042d91e1b6bb62c964ffafc915378510d17ae92a205ca0632b1a8f8
SSDEEP

3072:3PxsXpqfjImx3OKqAQV2v1V50hdeG8xGQ5Yh7issFAENGm0W3mqm:/xipCIG3OnAQjeG8bmRiRFAEEXH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07a24a4688982a967eb1b256f4c9a019_JaffaCakes118

Files

07a24a4688982a967eb1b256f4c9a019_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8fb21ef4d6b2cb3c1b2912d030646c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadContext
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PeekMessageA
SendDlgItemMessageA
GetParent

Exports

Exports

Gkwaamw
Xvcrthxk

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA1
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enill
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ