Static task
static1
Behavioral task
behavioral1
Sample
aa9e46b532129ed3611d921a66a9059e_JaffaCakes118.exe
Resource
win7-20240508-en
General
Target: aa9e46b532129ed3611d921a66a9059e_JaffaCakes118
Size: 336KB
MD5: aa9e46b532129ed3611d921a66a9059e
SHA1: 1e939b48161cd5fca8a876cf4944e46c6e2562b4
SHA256: 107e01eae834883c3e6984ed546c32397ca37553c371ef61bdccda764ade5417
SHA512: 95e4f6505258aff23f633c41ce6af399198b67420cd4aa390a9427338101425b9b9b0e5683c0140221c514b69ee0f9d1f39eef86739bebc812e25d743754ddf4
SSDEEP: 3072:MdMt8x/kONTeoL7q+IyKBkUVV09Zb78XTptIwGeO6Z2CQhhEel7MMT12eEJr7oFx:lTONT9DUVVF0AO6uh1Y80r7g+h
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa9e46b532129ed3611d921a66a9059e_JaffaCakes118
Files
aa9e46b532129ed3611d921a66a9059e_JaffaCakes118.exe windows:5 windows x86 arch:x86
a574f75853701ed0a9d179d86d55a3e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcMgmtEpEltInqBegin
I_RpcSendReceive
winmm
midiStreamPosition
user32
SetParent
GetWindowThreadProcessId
CloseClipboard
GetKeyboardType
DdePostAdvise
SetFocus
GetDlgItem
urlmon
CoInternetGetSecurityUrl
netapi32
NetApiBufferAllocate
shlwapi
PathGetCharTypeA
PathQuoteSpacesW
esent
JetCloseTable
gdi32
DPtoLP
Polygon
GetPolyFillMode
advapi32
QueryUsersOnEncryptedFile
kernel32
ReleaseActCtx
GetProcessHeap
GetThreadId
GetTimeZoneInformation
GetModuleHandleA
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 271KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ