HO_ivtx_Is_Rw.pdb
Static task
static1
Behavioral task
behavioral1
Sample
21e94f307756536e2d98e6347c54e173_JaffaCakes118.exe
Resource
win7-20240221-en
General
Target
21e94f307756536e2d98e6347c54e173_JaffaCakes118
Size
148KB
MD5
21e94f307756536e2d98e6347c54e173
SHA1
36e6dd9c64a40cc900442fbcc06f35ee43878fde
SHA256
6497066e55b33a06a23b3ca943bdbaa653e21f58d464db1db1aac2f8ff3b921e
SHA512
ee3c8fcfefef200c6af828170a07335faa438560346459d494733e37309a5cdc4e2d2a4c88b943c71d32a3b78d006334db0f0a375fbc598cb9d2b3382ce6552e
SSDEEP
3072:fGqAM3oylwE6avtn/UgVyeqM5eYy8Fs6ueT:fGqfoy9ht/nyeb5eY1qO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 21e94f307756536e2d98e6347c54e173_JaffaCakes118
Files
21e94f307756536e2d98e6347c54e173_JaffaCakes118.exe windows:5 windows x86 arch:x86
2ef5ae1b87c98cb67a340b060e9a6942
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winscard
SCardStatusW
oleaut32
VectorFromBstr
shlwapi
PathRemoveBackslashA
wintrust
OpenPersonalTrustDBDialog
kernel32
DeleteAtom
SetConsoleActiveScreenBuffer
SetPriorityClass
EnumSystemGeoID
DeactivateActCtx
GetCommandLineA
GetConsoleFontSize
GetConsoleOutputCP
GetLocaleInfoEx
WaitForDebugEvent
GetFileSize
LocalLock
Thread32Next
pdh
PdhGetFormattedCounterValue
user32
GetMenuState
KillTimer
IsClipboardFormatAvailable
SetMenu
GetMenuInfo
gdi32
SelectObject
GetClipBox
SetICMMode
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ