0dbdedb90e36fa60ba6deb0928506f02_JaffaCakes118 | Triage

Sharing

General

Target

0dbdedb90e36fa60ba6deb0928506f02_JaffaCakes118
Size

121KB
MD5

0dbdedb90e36fa60ba6deb0928506f02
SHA1

278d6624057d3304b6ca1e96f4e1d88f4de0488f
SHA256

daf6d4d83efdcbef5fe03079a37d118ccfacfe7ba2f35b0b0fe5d46c4c93e870
SHA512

a52ed7face0b6b14239ee8ae9443bc62a68de5e77c9e1b20e91db033f0033990aea6d4897984af0cd579d0d2dcaab55fcf2e4f2136a4b1cb1f7245ab08775241
SSDEEP

3072:NXvvRDNzgfAtykj7Y4GMSxNmyEsH5DFHEjrTznBt:N/JBzntnjbGPxNmyXH5RQ1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dbdedb90e36fa60ba6deb0928506f02_JaffaCakes118

Files

0dbdedb90e36fa60ba6deb0928506f02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4501f0f4bcc646a898d54d563cbe3707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PostMessageA
IsChild

Exports

Exports

IsFnwhanxg
GetWukjsnoc

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enewdat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ