Static task: static1
Behavioral task: behavioral1
Sample: 84a2e7b12013b5b51162f1530c206065_JaffaCakes118.exe
Resource: win7-20240221-en
General
Target: 84a2e7b12013b5b51162f1530c206065_JaffaCakes118
Size: 176KB
MD5: 84a2e7b12013b5b51162f1530c206065
SHA1: 2bd0fe75956ae5bdcd3923c23f2e2239afe320cc
SHA256: 33824984e60a5c965234363e101877976c8d8beb9739e17d02462a2f813d86aa
SHA512: 9837580e37e005f8277971380c8b182b45029c92930db6c7e5b1f65fe62a74f4331555d9da7323be026af92bc243ece00bd198601a1bba73543bc568b641e7c8
SSDEEP: 3072:qZl5igqWdVAl7BUBqJ41NMiD/47nd+iueK+:qj8IdK7W0aMwd+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84a2e7b12013b5b51162f1530c206065_JaffaCakes118
Files
84a2e7b12013b5b51162f1530c206065_JaffaCakes118.exe windows:6 windows x86 arch:x86
a5913e5385b86d5f263285d3cc8cff78
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
winspool.drv
  FindFirstPrinterChangeNotification
mprapi
  MprAdminPortEnum
winscard
  SCardEstablishContext
kernel32
  GetTapePosition
  GetNamedPipeServerSessionId
  GetCommandLineA
  GetCurrentProcessId
  GetThreadLocale
  GetNativeSystemInfo
  WaitForDebugEvent
  GetNumaAvailableMemoryNode
  SignalObjectAndWait
  LocalFree
gdi32
  SetRectRgn
  WidenPath
  PatBlt
rpcrt4
  RpcMgmtSetComTimeout
user32
  GetWindowRgn
  GetScrollPos
  GetCursor
  TranslateMDISysAccel
  GetDesktopWindow
  GetParent
  SetMenuDefaultItem
advapi32
  SetUserFileEncryptionKey
shlwapi
  SHRegCloseUSKey
Sections
.text Size: 12KB - Virtual size: 8KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.CRT Size: 116KB - Virtual size: 119KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.data Size: 40KB - Virtual size: 37KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ