6b055a631f1770dcfc2d50dfa6b36786_JaffaCakes118 | Triage

Sharing

General

Target

6b055a631f1770dcfc2d50dfa6b36786_JaffaCakes118
Size

828KB
MD5

6b055a631f1770dcfc2d50dfa6b36786
SHA1

9ce44107908dbddf1e1139ff8ff8d86ff3f5e8bb
SHA256

2645cc7bfde1325875b5fa2dab3c807da5bd75d171d88ebecbee17c311f6b31e
SHA512

aa3ca58be89672c0ddcc46dd7fad15e8240a42c0a69bf8b72cfe95f195b41965617b3022f3b1a176107452ff5e7412114a4b902f282d540186fad65245893ff3
SSDEEP

3072:yCX7HYtV7eTDakBi2+PUFvw9qRBtHdp7R:yCX74tV7yDakBucFD3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6b055a631f1770dcfc2d50dfa6b36786_JaffaCakes118

Files

6b055a631f1770dcfc2d50dfa6b36786_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc4e4903217787a67036a221a0435e8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wh@##weh.Pdb

Imports

opengl32

glEvalMesh1

mscms

UninstallColorProfileW

kernel32

GetModuleHandleA
GetNLSVersion
SetConsoleCursorInfo
InitializeSListHead
GetSystemRegistryQuota

oleaut32

SysStringLen

user32

GetSubMenu
CallWindowProcA
UserHandleGrantAccess
CreateCaret
GetCaretBlinkTime

ntdll

wcstol
memset

gdi32

GetTextFaceA
AngleArc
GetWindowExtEx
DeleteObject

shlwapi

StrTrimA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 744KB - Virtual size: 742KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ