468160f2faadbb0a3c575479860f29af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

468160f2faadbb0a3c575479860f29af_JaffaCakes118
Size

58KB
MD5

468160f2faadbb0a3c575479860f29af
SHA1

1ab32c4e16096581b8d316de7b49cc024c577b11
SHA256

e896f8e45b74ac6e7c1ab2518475650320fdefc6caf8a3d63627a906563f71f1
SHA512

5f176103e5a861b0f4584da55a3a5d6c31fc067ff59e838ac649cda9f9cdcf5cccd79c78c6bd5da8deec93c7cd2621d2354ab38b2207678544b087faaa32a318
SSDEEP

1536:MLdVQlo6YPObgGivwN4XKVF/fHXHnW+WZ21:MLcoTOJN4XORPlW8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
468160f2faadbb0a3c575479860f29af_JaffaCakes118

Files

468160f2faadbb0a3c575479860f29af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ce6d58134ff9961528747052f287f84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtectEx
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

GetMessageA
SendNotifyMessageA

Exports

Exports

Scrawwf
Khyikkcm

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enill
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ