66bac30c44aea6d125048e6a31ab6043_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66bac30c44aea6d125048e6a31ab6043_JaffaCakes118
Size

104KB
MD5

66bac30c44aea6d125048e6a31ab6043
SHA1

93816db6ea5647dd19567919f1e112c2a7b6a7a9
SHA256

07c58ac7886991fef6439b5e5270ca1d9e1086ce829eb75d6c0e608a6075d3e1
SHA512

dfd0763644914e54a655c36f516bd24a3b03d70e6a6ab50b384b4a7b46d6da1bfef363ea04c59c5b03617235a3ec597a907a8f0a04024aea06524ec842543d7b
SSDEEP

1536:T94pgllJKYsklt2EXRlU1kWnkJSKpRbCIBwVPfkrsswKuFPQyaeNfUMZNX:T8gllwYsk/NRmyyY3ptORVswppUMzX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66bac30c44aea6d125048e6a31ab6043_JaffaCakes118

Files

66bac30c44aea6d125048e6a31ab6043_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8681b8cb4fbc9266904ef3ab2bf00e16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFileEx
CloseHandle
GetTickCount
SetProcessShutdownParameters
GetUserDefaultLCID
GetThreadId
GetVersion
CreateFileMappingA
VirtualFreeEx
WriteFileEx

gdi32

DeleteMetaFile
EndDoc
CreateDiscardableBitmap
GetPaletteEntries
LPtoDP
GetTextMetricsA
Escape

ole32

CoResumeClassObjects

rpcrt4

NdrConformantArrayMarshall

cfgmgr32

CM_Get_DevNode_Registry_PropertyA

user32

SetCursorPos
DdeReconnect
CreateCaret
GetWindowThreadProcessId
GetCapture
GetShellWindow
GetMessageTime
GetClipboardSequenceNumber
IsHungAppWindow

crypt32

CertDeleteCTLFromStore

setupapi

SetupGetSourceInfoW

urlmon

RegisterMediaTypes

shlwapi

SHAutoComplete

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ