0b0c9356c74f3372891645e8022a6fdf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b0c9356c74f3372891645e8022a6fdf_JaffaCakes118
Size

92KB
MD5

0b0c9356c74f3372891645e8022a6fdf
SHA1

7944bb417ddb80500e22c7215388deceba0b4812
SHA256

519e020a48babf4d09f2a44986995387588071daaca0c4637fb70a1786b75e32
SHA512

19259b61fa7918affd37797cf91066d183c10d3abefd06e55c437d27ddd85ef2318cf48428caecbff05138f3741287ea9fbdb6d5bac450f976e31c99283384f1
SSDEEP

1536:UR/DhJYviHGvNR0SVgTHbTjYJmKOKYdA0VWK3n3Sa3HtBg:UR/DsviENu9TjY1RYBVn3Sad

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b0c9356c74f3372891645e8022a6fdf_JaffaCakes118

Files

0b0c9356c74f3372891645e8022a6fdf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd13f42b6757976a61f8191d333231cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwQuerySystemTime
ZwConnectPort
NtRequestPort
RtlConvertSharedToExclusive
ZwQueryValueKey
RtlApplyRXactNoFlush
_allshl
NtSetIntervalProfile
_strcmpi
RtlDefaultNpAcl
RtlUniform
RtlUnicodeToOemN
ZwSetInformationToken
ZwReplyWaitReplyPort

Exports

Exports

Myumegomdr
Lwnfvob
ReadYtxgrsmse

Sections

.ldata
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ