6b2e8f598b3ea45e75f58a0fbe29def9_JaffaCakes118 | Triage

Sharing

General

Target

6b2e8f598b3ea45e75f58a0fbe29def9_JaffaCakes118
Size

180KB
MD5

6b2e8f598b3ea45e75f58a0fbe29def9
SHA1

e2aafcb47d53be4442286e55659fd28a17467fb8
SHA256

e9b0ae0a043e8f451b2d72ffea650eacbc6e7011e945c290b5fe5e1f71c6f9fc
SHA512

e4ece6dc8ba2194a0901531f23608f206223b8aad7468413d5f65f93021c26c1077a91968fbb2662aecbd7baab5468a8f7944f22083c3d0fbdf980d65f6a9882
SSDEEP

3072:2n9ENCFkPh0fw+eff2ktl4eqGZNdCkGEaFaB/8Qeko7qLueL+:AqPh0Deffn7qGRvHom+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6b2e8f598b3ea45e75f58a0fbe29def9_JaffaCakes118

Files

6b2e8f598b3ea45e75f58a0fbe29def9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5038e89c1ccc83e6509e1cabb8b9e7d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetThreadToken

user32

GetParent
GetDesktopWindow
SetSysColors
MenuItemFromPoint
GetShellWindow

gdi32

SetRectRgn
SetViewportOrgEx
ResizePalette
SelectPalette

kernel32

GetThreadLocale
GetNativeSystemInfo
PrepareTape
GetCurrentProcessId
GlobalLock
EnumUILanguagesW
UnhandledExceptionFilter
GetCommandLineA
GetSystemInfo
GetConsoleDisplayMode
GetNamedPipeServerSessionId
WideCharToMultiByte
GetCurrentConsoleFontEx

winscard

SCardIntroduceCardTypeA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 88KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ