ff80c53d1fde27eb015773389f105fc0_JaffaCakes118 | Triage

Sharing

General

Target

ff80c53d1fde27eb015773389f105fc0_JaffaCakes118
Size

384KB
MD5

ff80c53d1fde27eb015773389f105fc0
SHA1

d8b2ebd0da3b0f02a60626f35b2e141471f06639
SHA256

4f3a888ad784c9594a6127b39a32a0ebd6233e44854ba9e2a3e1f3b0808eea2f
SHA512

7cb28c0cb648d3ab4e0a7d801ca1e30fc1fdca784d5952cd843c46d608dbc57d2bc4dce9829f79f51b0667c3b1ca61405a295e7336916c9015bcf4ee36734cca
SSDEEP

6144:yDNVkzmZygclZLoQt7UCFHwe71doQ4ssVMlG3f0Qh4c8fy1ps2S/6bx9smFRxr4Y:yDNVqmZyggZLoQtUCpwe71doQdsVg0fZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff80c53d1fde27eb015773389f105fc0_JaffaCakes118

Files

ff80c53d1fde27eb015773389f105fc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd935b3fae133755530d5e3bf00654a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetMalloc
SHGetFileInfoA

gdi32

DPtoLP
CreateHalftonePalette
SetViewportOrgEx

advapi32

AbortSystemShutdownW
RegQueryValueExW
CryptSetProviderExW
CryptSetProviderW
RegOpenKeyExW
CreateServiceW
RegFlushKey
LookupPrivilegeNameA

user32

GetWindowContextHelpId
PostThreadMessageW
DlgDirListW
DdeCreateDataHandle
GetTabbedTextExtentA
UnhookWindowsHook
LoadMenuA

kernel32

ExitProcess
HeapFree
GetSystemTimeAsFileTime
VirtualQuery
SetConsoleCP
GetStringTypeA
WritePrivateProfileSectionA
HeapLock
GetCurrentProcessId
GetTickCount
InterlockedExchange
UnmapViewOfFile
RtlUnwind
HeapReAlloc
GetCurrentThreadId
VirtualAlloc
FindFirstFileExW
RemoveDirectoryW
GetCurrentProcess
LoadModule
lstrcmpi
GetCommandLineW
QueryPerformanceCounter
TerminateProcess
GlobalUnfix
GetModuleHandleA
SetVolumeLabelW
GetProcAddress
HeapAlloc
LoadLibraryA
GetModuleFileNameA

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ