277d2726b4cf42819fa131f4484d0e65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

277d2726b4cf42819fa131f4484d0e65_JaffaCakes118
Size

38KB
MD5

277d2726b4cf42819fa131f4484d0e65
SHA1

b4a4129cae115e7d301e56b99a80e29be5a8eae5
SHA256

ce2a6334768ba432c05780ac76f5dfa65e63ddd9f505e21ae34ce79dcaf1c489
SHA512

84923ba3c8cc163b9f953a11c28299763ec34cc2c994ccb521d7881054bb21855bc8fd06836fd779f54fafe168b921c691664a2a40b5d866e9c66a9e6f5d8c90
SSDEEP

768:r8pKhpKm5u4N/SaaUxpwNpsVLOOTF1D0O/GIsg71:r8pKhpKSLFSaaUxpwoROm1wO/Gpg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
277d2726b4cf42819fa131f4484d0e65_JaffaCakes118

Files

277d2726b4cf42819fa131f4484d0e65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e17c3772c654a44d0830a0118f89ec9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwContinue
NtQueryInformationAtom
LdrLoadAlternateResourceModule
ZwCreateSemaphore
NtQueryMutant
RtlCheckRegistryKey

Exports

Exports

Qkwkwtay
CreateWbijmbxvvu

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 30KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ