67e6bd2b98dc81d36a9830013a85a6e9_JaffaCakes118 | Triage

Sharing

General

Target

67e6bd2b98dc81d36a9830013a85a6e9_JaffaCakes118
Size

197KB
MD5

67e6bd2b98dc81d36a9830013a85a6e9
SHA1

3b1a7eaf6bff8624310ae00bf111980f5b674d42
SHA256

6bb7a2274c0597e2394731adc144d5c62d5d043ada9ea2d9e3a0ebab2c073040
SHA512

2356ad992a89eb109815b424a25fb2596ceb6d0b476c1a602bc569a8a2bb2e15e8b068d2f028f10e17e3aa525fd9b4722f56a291a76a2ce46a59c85e9cbf88df
SSDEEP

1536:zm7qvaF6GpSFuj0ZlYPBa5F0kx2iO+Ly2qdCFYrE/lKg62rfI:tknS0s2kYF++25AEtk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
67e6bd2b98dc81d36a9830013a85a6e9_JaffaCakes118

Files

67e6bd2b98dc81d36a9830013a85a6e9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1459043a493e7f6e303cba32ab87b91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Rasapi32shell.pdb

Imports

msi

ord29

user32

SetMenuInfo
CreateDesktopW

oleaut32

VarCyAbs
VarCyCmp

gdi32

SaveDC

kernel32

FlsFree
FlsGetValue
GetUserDefaultLCID
CreateIoCompletionPort
GetThreadId

rpcrt4

RpcServerUseProtseqExW

wininet

InternetConfirmZoneCrossing

ole32

CoRegisterMessageFilter

winspool.drv

AddFormW

winscard

SCardEndTransaction
SCardTransmit

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ