Static task: static1
Behavioral task: behavioral1
Sample: n9yk1.exe
Resource: win7-20240220-en
General
Target: 858beaaca66e08525cd60da48f99e6d1_JaffaCakes118
Size: 91KB
MD5: 858beaaca66e08525cd60da48f99e6d1
SHA1: 9aa95f6d37264462ac7691465afe32956aa4b194
SHA256: 48da6cff1de6fcae8887db5137b56494e2f7192f7247339f718ef058b0e911fc
SHA512: b76d0d3edb954c7f1de945dfd9402faa735144bce44f6b25fb5d3b0c046af9487363daa05d7bb8949f687dc3e8b6d920b93700671cfd4612d387ce8766120d5e
SSDEEP: 1536:Vvxy/L7nz34MvH+Rt5OnwsJtvhbQbWacv1CWknHOveaAKMQlYoCKHuUAoch7Cpz0:NxwzzIMf+RtHsJtJQfcWnHOvwoCiuFo6
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/n9yk1
Files
858beaaca66e08525cd60da48f99e6d1_JaffaCakes118.zip
Password: infected
n9yk1.exe windows:5 windows x86 arch:x86
4b396f2f78cbac8d8c909a4854345cb3
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
advapi32:
  RegQueryReflectionKey
  DeregisterEventSource
kernel32:
  ReadFileEx
  GetCurrentProcess
  GetProcessAffinityMask
  GetCommandLineA
  TerminateProcess
  GetCurrentConsoleFont
user32:
  GetCaretPos
  GetPhysicalCursorPos
  ToUnicodeEx
  GetMenuDefaultItem
  IsDlgButtonChecked
  ToAscii
esent:
  JetInit2
gdi32:
  GetFontLanguageInfo
  GetTextColor
  GetNearestColor
  GetCurrentPositionEx
Sections
.text Size: 12KB - Virtual size: 9KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 101KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 33KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ