f295da12a3c7e9280a40255892b1b988_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f295da12a3c7e9280a40255892b1b988_JaffaCakes118
Size

137KB
MD5

f295da12a3c7e9280a40255892b1b988
SHA1

5b0cd79881d5214f5e7b0e4c68c8f18b66bfca48
SHA256

b62544a06e033c0e3f4ea4f3a87245601d921d54182e23d06d2680030da84b7f
SHA512

21290b3076ae57d06e1a7a298ba616f184a9522a488f257e241fb38bd69debdd389d427cc367eff64365bf78d4498a8c983b80ebdcace902352392466d4416b4
SSDEEP

3072:7CDM/npj9w3Z3YgLSYa9JcPvZTnsuNDQPw+OIHxtmK:7CudKJ3ZSYajcPvlPQ/XxUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f295da12a3c7e9280a40255892b1b988_JaffaCakes118

Files

f295da12a3c7e9280a40255892b1b988_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99b3efd38ae1009543e5455249697021

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextExtentExPointA
SetICMProfileA
SetWindowOrgEx
GetClipRgn
DeleteColorSpace
ArcTo

kernel32

lstrcpyW
SetConsoleTitleA
GetFileSizeEx
SwitchToThread
SetCurrentDirectoryA
GetModuleHandleW
ExitProcess
AddAtomA
VirtualAlloc
Module32FirstW
GetCommandLineW
GlobalMemoryStatusEx
GetCurrentProcessId
CloseHandle

iashlpr

ShutdownIas
MemFreeIas
InitializeIas
FreeAttributes
MemAllocIas
AllocateAttributes
DoRequest

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 329KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ