Static task
static1
Behavioral task
behavioral1
Sample
54ed02b161c49720c2409382caa8b873_JaffaCakes118.exe
Resource
win7-20231129-en
General
Target
54ed02b161c49720c2409382caa8b873_JaffaCakes118
Size
140KB
MD5
54ed02b161c49720c2409382caa8b873
SHA1
dbb8937a07a077ddddff013dfa3462f9c4f785b6
SHA256
faf13561d39bb0be0eff6ca76605a1b90ed202d4784847c8337c10118e3aea94
SHA512
c79850a897510677a5c3b2204d6c2f40fa0f5b6e7c088d1ad8cd49231ccc095d5aa4a73ca6c69afe3341e42b7fba08caaf45b8805ad6cacab6a4fdd076b8bb12
SSDEEP
1536:x5L2S76evqFc7tOqvys8vjTbm3IG0QTDf8CXbxN/e2xuLDb2wrmYrgEVow:vN7hvImSs8LTbm3oQPf3n/b0n5m0Vow
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 54ed02b161c49720c2409382caa8b873_JaffaCakes118
Files
54ed02b161c49720c2409382caa8b873_JaffaCakes118.exe windows:6 windows x86 arch:x86
027c0909a011ad5a9564e0f21dc45202
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DrawMenuBar
GetWindowTextLengthA
InternalGetWindowText
cfgmgr32
CM_Add_Res_Des
gdi32
LPtoDP
SetTextCharacterExtra
shell32
ShellExecuteExA
kernel32
WritePrivateProfileStructW
GetConsoleWindow
SetConsoleCursorInfo
GetModuleHandleA
GetConsoleOutputCP
GetBinaryTypeA
FreeConsole
GetConsoleCP
advapi32
QueryUsersOnEncryptedFile
CryptSignHashA
oleaut32
VarUI2FromBool
VarR8FromI4
VarBstrFromUI4
Sections
.text Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.crt Size: 36KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ