3fe71e6eade6c60da725fa31a2c731c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fe71e6eade6c60da725fa31a2c731c9_JaffaCakes118
Size

54KB
MD5

3fe71e6eade6c60da725fa31a2c731c9
SHA1

460e4cd55d63d56c61b0cd0fea0e8dc935e28532
SHA256

b875cfd18d3bd4b68087227e23bbb6eb100951df474e2b6a48d310d1963414df
SHA512

bf8a5b184208084ee0fda74c2321bac34078f1639d99fe01d2cddb56767beeb9d701010da3de26cce101b3cac14655eeb9f5b584ffa741d6cf88008bbe495896
SSDEEP

768:F71/Y5QUyhswjzxFVt3utM417FrLDMbQ+QKilRXblRKOwOq72jH+ea/:F7ODURxF/+S4frLgE+QFrGxOqKa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fe71e6eade6c60da725fa31a2c731c9_JaffaCakes118

Files

3fe71e6eade6c60da725fa31a2c731c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0a324aaf24a48d3caa1ca1314c01f5d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
WriteProcessMemory
OpenMutexA
GetTapeParameters
HeapAlloc
Process32Next
LocalShrink
ReadConsoleA
FindFirstVolumeA
GetVolumePathNameA
SetFileApisToANSI
GetCommandLineA
OpenJobObjectA
CommConfigDialogA
CreateFileA
IsProcessorFeaturePresent
VirtualAlloc
FindFirstVolumeMountPointW
WriteConsoleOutputA
SetLastError
SetConsoleKeyShortcuts

Exports

Exports

IsWlcghgor
WriteDjsprtl
IsGljwklp
GetJovgrktt
IsBclxcaphdve
AddYgiewagvlv
Qsjpseutih
CreateDarhpeqn
Xcqwydmp
Cqqxlixxv
Qoignusnj
ReadRidbove
WriteAdgxgsi
Joeixvtb
Rpddgwywokp
Urfoydick
Vhbyqpfy
EndVgtgwdfm
Qfgjtoml
Jfbsadjvh

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ