70b9e4807491ec6abbec236bfc2225cd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70b9e4807491ec6abbec236bfc2225cd_JaffaCakes118
Size

800KB
MD5

70b9e4807491ec6abbec236bfc2225cd
SHA1

1227b69762bacb461d5b154e8999097df274a103
SHA256

38d1c8ded75f98be4b15c21c02308926711c3d935ff4dd1a274f96b9dec4f7de
SHA512

a9a4b3718cdb2ba87aa64532f14e79c55495afadbf0625952c63c7ceef4d8773d3ecfdf932c612ce6bcdba6d45b9648b8b518744bb6c7d503720c9359e92ba7c
SSDEEP

12288:+I0+OaQK/9h/BoQ/zk+3iGJclT53kgtN8NczFrdqEFUr7S9DE+DTXNf/r:+kOtk7poQr1Jm3kgYNgZqE+7E/H5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b9e4807491ec6abbec236bfc2225cd_JaffaCakes118

Files

70b9e4807491ec6abbec236bfc2225cd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c03a84b917ca812fe4acd22e1cc2c8a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ResumeThread
LoadLibraryA
HeapDestroy
GetStringTypeA
DeleteFileA
TlsGetValue
lstrlenA
GetFileAttributesA
CreateEventW
VirtualProtectEx
GetDriveTypeA
HeapFree
ClearCommBreak
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetCurrentProcess
GetTickCount
OpenMutexA
CancelIo
DeviceIoControl
DeviceIoControl

uxtheme

GetThemeTextExtent
CloseThemeData
DrawThemeEdge
OpenThemeData
GetWindowTheme
GetThemeColor
GetThemeSysSize
CloseThemeData
GetThemeTextMetrics
DrawThemeBackground
GetThemeBool
SetWindowTheme
IsThemeActive

odbctrac

TraceSQLAllocConnect
TraceSQLAllocEnv
TraceSQLAllocStmt
TraceSQLBindCol

msasn1

ASN1BERDecBool

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ