07f4e76d53787e067d6eb230c1f4be83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07f4e76d53787e067d6eb230c1f4be83_JaffaCakes118
Size

78KB
MD5

07f4e76d53787e067d6eb230c1f4be83
SHA1

e8470124e3559c79f2c5d4f22b247b8cdf16f68e
SHA256

86709093443b871ae5f098236ba1270c73f27177d33782c918dadba8dc14458a
SHA512

37b38cc51fb74527fe5f59bec752ccac508daac39481e120e86b91554acb5a5e2909a2492949ef8687e77a9bf39f0bf29f5a7a410744523054b8a876d0b5d681
SSDEEP

1536:Gck1DL1GLiWP4C0VwqosdZA5htpXq7EQtSVnsQEeNARCNYhTrA07g:GR1DZGh3Uox5htMPeAmcxM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07f4e76d53787e067d6eb230c1f4be83_JaffaCakes118

Files

07f4e76d53787e067d6eb230c1f4be83_JaffaCakes118
.exe windows:5 windows x86 arch:x86

618086036e1129f334cf4ed7cad0484a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MZWZiAChL9qRMZc8.pdb

Imports

rpcrt4

NdrConformantArrayUnmarshall

ntdll

memcpy

user32

EnumDisplaySettingsA
GetClipCursor
GetCaretBlinkTime
GetFocus
RegisterClassW
GetInputState

kernel32

GetThreadPriority
lstrcmpiW
Sleep
GetCurrentThread
VirtualQuery
GetFileSize
GetFileType
CreateFileW
lstrlenW
CloseHandle
IsDebuggerPresent
GetModuleFileNameW
GetDiskFreeSpaceExA
lstrcmpW
OpenThread

wintrust

CryptCATAdminAddCatalog

shlwapi

PathGetArgsW
PathIsPrefixW
PathIsRelativeW
StrCatBuffW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ