0ee14525ed9fc8398e6deb76240674e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ee14525ed9fc8398e6deb76240674e6_JaffaCakes118
Size

57KB
MD5

0ee14525ed9fc8398e6deb76240674e6
SHA1

24a0516fae43bad11828f15cb62934c748d46364
SHA256

d9c195e012c893cb7c6ddf247bcc68aa979e4fdba96a15d783710ec96fd2fb6a
SHA512

6853d2dff7d318d2c7242eb1ad64c104f932c0dafab59c4124c31e7aafda66e6484e2be20687eb3200016392d1060675c6a1079f764732ffa25fdf3a63a5fa6c
SSDEEP

1536:K+XoBpB6KvOYYbK61h12LXCOt8rXC0KPQKH:hXovRGhDh4LSOmkPQK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ee14525ed9fc8398e6deb76240674e6_JaffaCakes118

Files

0ee14525ed9fc8398e6deb76240674e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4501f0f4bcc646a898d54d563cbe3707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

PostMessageA
IsChild

Exports

Exports

IsFnwhanxg
GetWukjsnoc

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enewdat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ