6404079117fdcfa3a34eecb4009b407e_JaffaCakes118 | Triage

Sharing

General

Target

6404079117fdcfa3a34eecb4009b407e_JaffaCakes118
Size

128KB
MD5

6404079117fdcfa3a34eecb4009b407e
SHA1

1a0455583d0dfa71b8cf00a431ec9fb034e31670
SHA256

bbd2e2fbf9de689b293485b4cd01e9455201a3974a3082b68862e2e98d76d65c
SHA512

52cf0670e2b3106fa6fba0e1a34bc6e9588d2c66ed63a6c85119b8cd5c6709f4feb8d0918d0b953eb1290733a6aadf3adbdb61170c09e83954f052499c4c4709
SSDEEP

3072:nPAAAAAAAAAAAAAAAAAA0AAA6XWAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAALo9AAe:dS2eSATfi7I1RVJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6404079117fdcfa3a34eecb4009b407e_JaffaCakes118

Files

6404079117fdcfa3a34eecb4009b407e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a19091b26ea28519dccb7361df0c260d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM
IMAGE_FILE_BYTES_REVERSED_HI

PDB Paths

1ddS.pdb

Imports

msi

ord30

advapi32

EnumServicesStatusA
GetFileSecurityW
GetSecurityDescriptorGroup
GetOldestEventLogRecord

winspool.drv

OpenPrinterW

user32

GetTitleBarInfo

version

VerInstallFileA

gdi32

ExtEscape
GetTextMetricsA

msvcrt

fputws

kernel32

GetTickCount
WTSGetActiveConsoleSessionId
IsProcessInJob
DefineDosDeviceA
GetBinaryTypeA
GetModuleHandleA
GetModuleFileNameA
GetUserGeoID
FillConsoleOutputCharacterA
DeactivateActCtx

Sections

.AD8Te
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ