Static task
static1
Behavioral task
behavioral1
Sample
6ebc5c6c70e6b9e3cbb9f6b85df17cc7_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
6ebc5c6c70e6b9e3cbb9f6b85df17cc7_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
6ebc5c6c70e6b9e3cbb9f6b85df17cc7_JaffaCakes118
-
Size
153KB
-
MD5
6ebc5c6c70e6b9e3cbb9f6b85df17cc7
-
SHA1
04a633de201187384bde20194a64566ba02d8d1e
-
SHA256
feda00e8fa558dfeed18e689b0745d8058446d3ce4fd4d5696d8d60ae7f638cd
-
SHA512
5b0cef7b589febc96579b97e57fc0f213629028ffccf3c894cc1f22dbb0c42b277be8142178231b1c16b44b87934bd8d22e1caff0a52419fc8f70d090a9dd822
-
SSDEEP
3072:UQvzw9Vo7ZZ859wVtpvL9zgU27hXZky5knMhAwqsPzjbixT9ERTg:UBVq859idL98U2tJky5JKwqsPGx5k
Malware Config
Signatures
-
Unsigned PE 1 IoCs
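The PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. Many legitimate programs are also unsigned, so this finding is a weak indicator on its own.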
resource 6ebc5c6c70e6b9e3cbb9f6b85df17cc7_JaffaCakes118
Files
-
6ebc5c6c70e6b9e3cbb9f6b85df17cc7_JaffaCakes118.exe windows:6 windows x86 arch:x86
92888e62b24b4ffff16a1ceca5c07a9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
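Imports
Note: each DLL below lists only one or two functions, and kernel32 contributes just GetModuleHandleA and GetProcAddress. This is consistent with a packed file whose visible import table serves only the unpacking stub. The APIs used by the unpacked code are likely resolved at run time, so this list should not be read as the sample's full capability set.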
kernel32
GetModuleHandleA
GetProcAddress
gdi32
BitBlt
user32
GetDC
msvcrt
free
api-ms-win-core-localregistry-l1-1-0
RegCloseKey
comctl32
ord17
ole32
CoInitialize
oleaut32
SysAllocString
shell32
ShellExecuteW
gdiplus
GdipFree
ntdll
EtwEventWrite
uxtheme
IsThemeActive
dwmapi
DwmRegisterThumbnail
shlwapi
ord487
imm32
ImmDisableIME
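Sections
Note: .MPRESS1 and .MPRESS2 are the default section names written by the MPRESS executable packer. Both sections are flagged readable, writable and executable, and .MPRESS1 is 83KB on disk but 320KB in memory, which fits compressed content that is unpacked in place. Static strings, imports and section hashes therefore describe the packed form; detections meant to cover the payload need the unpacked image or the results of the behavioral tasks.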
.MPRESS1 Size: 83KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE