301efb118b9750b1f7b3aa7d22019019_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

301efb118b9750b1f7b3aa7d22019019_JaffaCakes118
Size

39KB
MD5

301efb118b9750b1f7b3aa7d22019019
SHA1

2c71b90208fc9fa2ca2f9f5a05a0ea8993b9d91f
SHA256

b7e482ee690e1f8f1d4794f69e2955e271660af288db56ae3a7cbd2268c7ee89
SHA512

de8e77937c7c41e828283ad407385b970a334271ae7e5205885c4a6709eaf0c76ac3364cc3b43334144b3b25c05781f000e19b17bbf13a21430e3a430b72a31e
SSDEEP

768:53jvL0T1elgDUW3y7EAZIvRO3SJlsehfLWeCotztjx+WJk+/Mwd:1jzA1elgDkavw2Xhf5ztjx+Akw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
301efb118b9750b1f7b3aa7d22019019_JaffaCakes118

Files

301efb118b9750b1f7b3aa7d22019019_JaffaCakes118
.exe windows:5 windows x86 arch:x86

22b3b107c631385480afb144850481a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
lstrcmpiA
GetProcAddress
VirtualProtect
IsBadReadPtr
LoadLibraryA
CreateThread
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ