024a358444640c5002e51a075d76f020_JaffaCakes118 | Triage

Sharing

General

Target

024a358444640c5002e51a075d76f020_JaffaCakes118
Size

190KB
MD5

024a358444640c5002e51a075d76f020
SHA1

5d24d553f27bd5c7e5dc37a303a7e34aba2d3d51
SHA256

b603c9f991190d6d271362389a564ffa2622c4ee7934ffd8aecf5b9a59a58dbb
SHA512

adc8d3a71fd71a8aa2167b8b613a3e24bffd2ea4936aa933a648ac3230da69ee75de6b8b716ba95eff5569bcb91554ca82aab616d995aa126219bceee4775670
SSDEEP

3072:u3/YNSxVkcPNW3y12DcPSK/McFcAGlHkYtTuVsxIeqafFFwWDp4NiIg4ktGgSwIz:0rvbd1TSAqzE8TuaRfFDWN8tYwIrF/FC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
024a358444640c5002e51a075d76f020_JaffaCakes118

Files

024a358444640c5002e51a075d76f020_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8437d3a9a57e81366193f902319c41d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteTapemark
CancelWaitableTimer
FindResourceExW
Toolhelp32ReadProcessMemory
GetSystemDefaultLangID
WriteProfileStringW
GetConsoleCommandHistoryLengthA
FindVolumeMountPointClose
GetDiskFreeSpaceExW
GetConsoleAliasesLengthW
IsDBCSLeadByteEx
EnumCalendarInfoExA

user32

SetClipboardViewer
GetInputDesktop
IsZoomed
RegisterWindowMessageA
GetMenuBarInfo
MonitorFromWindow
AnimateWindow
SetRectEmpty
GrayStringA
GetMenuState
SetWindowPlacement

shell32

DllRegisterServer

gdi32

SetVirtualResolution
CreatePolyPolygonRgn
GetEUDCTimeStampExW
FONTOBJ_pvTrueTypeFontFile
CLIPOBJ_bEnum
EqualRgn
Polyline
SetMapMode
CancelDC
PATHOBJ_vEnumStartClipLines
SetColorSpace
GetTextCharsetInfo
SetDeviceGammaRamp
SelectClipRgn

Sections

.code
Size: 9KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 177KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ