Sample
877926ba57d6c72b1f1efe02f12941c3_JaffaCakes118.exe
Resource
win7-20240419-en
General
Target
877926ba57d6c72b1f1efe02f12941c3_JaffaCakes118
Size
104KB
MD5
877926ba57d6c72b1f1efe02f12941c3
SHA1
aad2f34baf8f5d0719918e1d54ba59b359db7438
SHA256
78d4b80761fcd9078b54d165f0a9f390f92b5979495afb85b45a06d66ab03f28
SHA512
ef71fb19da2d2310bbfade4ea82d43dcb2717562a871a56d250b92f13baef9a91753482f1f9d2774d84db8f6c4133dc1d786e9df8015c3301a76164406a63526
SSDEEP
1536:1nYCMq+pPpCm9cgUY0z4AgC2f8jn3XjVcMdT9/Bi8MIyHBEzwFy8ZNAEZp+:fMRpPgEkk1EXBT98uyry8zAEZp+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 877926ba57d6c72b1f1efe02f12941c3_JaffaCakes118
Files
877926ba57d6c72b1f1efe02f12941c3_JaffaCakes118.exe windows:4 windows x86 arch:x86
f2c5968a839682de58c1c766a90d9fe7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutGetID
advapi32
SetKernelObjectSecurity
shlwapi
GetMenuPosFromID
kernel32
Heap32First
SetFilePointer
GetStdHandle
GetUserDefaultLangID
EnumResourceNamesA
ReadDirectoryChangesW
GetCommandLineA
GlobalMemoryStatusEx
GetDynamicTimeZoneInformation
LockFileEx
CloseHandle
winscard
SCardConnectW
user32
GetMessageExtraInfo
IsRectEmpty
FillRect
GetMenuCheckMarkDimensions
SetKeyboardState
rpcrt4
RpcBindingReset
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ