wrjW!qqwqeTHrnwgw.pdb
Static task
static1
Behavioral task
behavioral1
Sample
33ab850ee5c814d049b3a81634f7b5ca_JaffaCakes118.exe
Resource
win7-20240419-en
General
Target: 33ab850ee5c814d049b3a81634f7b5ca_JaffaCakes118
Size: 208KB
MD5: 33ab850ee5c814d049b3a81634f7b5ca
SHA1: 472d47afbde6b8f4d6bf81c031372c927384ddca
SHA256: 950e96e3db67d9944fe268db1fcc8d621a11adbe9ee2b7561664de0f91e0093a
SHA512: e1a23a52c8ea256f4951b0cdd6112e491cf38ec67c7b71bc35853f381cb701c33d468116906a040ef34a94fd9eea811aa05452238509063f2bc760a3e949885e
SSDEEP: 6144:LyQLjHumd4ZoZdM8+zReH1OOqsJMBmP9:LyIj/yCZ/+fOqsUs9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33ab850ee5c814d049b3a81634f7b5ca_JaffaCakes118
Files
33ab850ee5c814d049b3a81634f7b5ca_JaffaCakes118.exe windows:6 windows x86 arch:x86
c78b7a05640a3efa370d05794d520f20
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
QueryUsersOnEncryptedFile
SetNamedSecurityInfoA
msvcrt
strncmp
user32
SetScrollRange
InternalGetWindowText
gdi32
GetMapMode
LPtoDP
SetTextAlign
kernel32
GetCommandLineA
GetNamedPipeClientSessionId
GetBinaryTypeA
GetSystemPowerStatus
HeapLock
SetLastError
UnlockFileEx
shlwapi
AssocQueryStringA
urlmon
CoInternetIsFeatureEnabledForUrl
rasapi32
RasFreeEapUserIdentityW
RasEnumDevicesW
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 874B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ