120899fd0bb9d64bca6408f8e349c902_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

120899fd0bb9d64bca6408f8e349c902_JaffaCakes118
Size

158KB
MD5

120899fd0bb9d64bca6408f8e349c902
SHA1

fbb52490211b9489fbbd5615661299019d660d14
SHA256

e73132a5688d1cdcf4c01f7dc100373ffcc11de062361350772b5b5fa67832ff
SHA512

2f509497655ae687df90353663675e7a20d6c7a9dca9f7aa326180be1987b11ae64827677f253366b5bc802b4bd54171c627eec31e2b60340cf5842b5228f054
SSDEEP

3072:zMOXeaUSo5BVD7nCrmXt+buM3IIYNafOYVS570M9kdatGCO+xmBc+hMchPQyX2:125DirUwbukIHNFCs7nyatGt+SbFH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
120899fd0bb9d64bca6408f8e349c902_JaffaCakes118

Files

120899fd0bb9d64bca6408f8e349c902_JaffaCakes118
.exe windows:6 windows x86 arch:x86

109c7196416efd0fd99b2dc220cd3529

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdi32

SetBkMode

user32

CopyRect

msvcrt

_iob

comctl32

InitCommonControlsEx

ntdll

RtlUnwind

shlwapi

SHSetThreadRef

shell32

ord74

ole32

DoDragDrop

uxtheme

GetThemeSysFont

gdiplus

GdipDeletePen

Sections

.MPRESS1
Size: 65KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE