e480e28c74a635845673fd030eb47734_JaffaCakes118 | Triage

Sharing

General

Target

e480e28c74a635845673fd030eb47734_JaffaCakes118
Size

268KB
MD5

e480e28c74a635845673fd030eb47734
SHA1

913f51d9deee32c6953a3ce9fbe04dd85f4c78f1
SHA256

d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45
SHA512

620d5be5d4874d5f89b2d301e9900fb25c11cf1630c5fd901e8d34e71ea3c467931e3b284bb16309e26a81a79ba1abd945c20ea908917e378fdac356c54e1571
SSDEEP

6144:mU2ggwQt/uqv8uLjPMRnuCKc8E46U+mxHYQsl4DrNr1Hzkmct/036YFTKT:mU1HKc8EnIN5ssrNrumcS36Y6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e480e28c74a635845673fd030eb47734_JaffaCakes118

Files

e480e28c74a635845673fd030eb47734_JaffaCakes118
.exe windows:6 windows x86 arch:x86

47a24eb087bd2cccbffba4143950f63a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetCandidateListCountW
ImmDestroyContext
ImmSetCompositionStringW
ImmSimulateHotKey
ImmGetContext
ImmSetHotKey

normaliz

IdnToUnicode

version

GetFileVersionInfoW

kernel32

VerLanguageNameA
GetConsoleWindow
LocaleNameToLCID
VirtualProtect
IsValidCodePage

loadperf

UnloadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA

odbc32

ord38
ord247

mscms

CreateMultiProfileTransform
UninstallColorProfileA
CheckBitmapBits
ord1

mpr

WNetGetLastErrorA
WNetDisconnectDialog1A
WNetCancelConnectionW
WNetGetConnectionW
WNetGetUserW

user32

VkKeyScanA
ShowWindow

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ