6ae2df35ba87dc0f13a4981e7955c01f_JaffaCakes118 | Triage

Sharing

General

Target

6ae2df35ba87dc0f13a4981e7955c01f_JaffaCakes118
Size

496KB
MD5

6ae2df35ba87dc0f13a4981e7955c01f
SHA1

0a43809054f479fa72faa9f903fb52a913acb375
SHA256

ff5c4eb575647103f4c16854bbfca9f45c201b9f32cbd5d0b568391ac29883eb
SHA512

1f307b70b6b89ef3fe04ac335c935e96efb966dd79d9a15e3df7831c16d7044c002ee5382ef975df7aa194ee29987fc1151a4517eb2fc99820b95fe98fc92f26
SSDEEP

3072:cTzJxszi7OB9sYklu+8U+IHj59wGwMEuRJtQe9o27cLa:FzkOBtklug+IHjfwp/Asx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6ae2df35ba87dc0f13a4981e7955c01f_JaffaCakes118

Files

6ae2df35ba87dc0f13a4981e7955c01f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b958a84641a8deac0925f1f5bdab1746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetOutlineTextMetricsW

kernel32

GetProcessVersion
GlobalDeleteAtom
GetNamedPipeServerProcessId
UnregisterApplicationRestart
FlushProcessWriteBuffers
GetNamedPipeClientProcessId
FlsFree
GetDriveTypeA
GetCompressedFileSizeA
GetModuleHandleW
Module32FirstW

advapi32

GetUserNameA

user32

GetScrollBarInfo
GetRawInputDeviceInfoW
PackDDElParam
LoadIconA
DrawTextExW
GetInputState
SetFocus
DrawIcon
GetClipboardViewer
GetLastInputInfo

secur32

InitializeSecurityContextA
FreeContextBuffer
DecryptMessage

ole32

GetRunningObjectTable

comdlg32

GetOpenFileNameA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ