Static task: static1
Behavioral task: behavioral1
Sample: 7df86e17079c81038425bedbd9b04724_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7df86e17079c81038425bedbd9b04724_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
Target: 7df86e17079c81038425bedbd9b04724_JaffaCakes118
Size: 1.1MB
MD5: 7df86e17079c81038425bedbd9b04724
SHA1: 6e7ecc6dcb7d7fa1d16113c5f4ab9182a741e716
SHA256: 7dadc45dd2e236648f9b9d59ed6401e652b770a8bc383451966671d32fb25d9d
SHA512: 23103f5b4ad00fb246cbc795d5860e592bdb7fe23c70dcea2ccbdd0575e7a142e80164f4dc71df6b57c666f7b596e44c2350279e1aec23f0c6573aa118655ba0
SSDEEP: 12288:DNe9luCRJ/MbD2XH5i4NThdrd/VznntnnjnnxnnnnntnnjnnxnnX7WbLbyK7InY:DN4luCz/ySXH5i4lrd/Vz7WbLbyK7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7df86e17079c81038425bedbd9b04724_JaffaCakes118
Files
7df86e17079c81038425bedbd9b04724_JaffaCakes118.exe windows:5 windows x86 arch:x86
9fe0c49695a545b0a1f8e43b3ccf343f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetDriveTypeW
GetStartupInfoA
GetProcAddress
GetModuleHandleA
FreeLibrary
VirtualAllocEx
GetProcessHeap
GetModuleHandleW
LoadLibraryW
Sleep
GlobalAlloc
user32
LoadIconW
LoadBitmapA
gdi32
GetDCBrushColor
GetGraphicsMode
CreateSolidBrush
CreateCompatibleDC
GdiFlush
CloseMetaFile
DeleteDC
EndDoc
CloseFigure
advapi32
RegOpenKeyA
RegQueryValueExA
Sections
.text Size: 923KB - Virtual size: 922KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zzz0 Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ