0d35b637a8f36cd9587ea6a45bc1f0a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d35b637a8f36cd9587ea6a45bc1f0a8_JaffaCakes118
Size

55KB
MD5

0d35b637a8f36cd9587ea6a45bc1f0a8
SHA1

9f97c049e551c82d81594782bca447982a00edb3
SHA256

d7a3ca019afae7bd0d383ef5645f669966935fc4f660081ec2b2a091f4240c5d
SHA512

d4380a4326c3ed25d095eaaed8bb1118ecfa9acafc9552e9c382f8dd13b4716a913969eccc56cb077e275b05dc7e2e09c90fd99cc16f3f0b0fdcd6beb6041dd0
SSDEEP

768:rqbCdNXq5Q0S6Bir4WS8xjEvu/pGgsPl9vB7ikMxpENCTiBs7tvUgEkNJeJMS:iuXqBirHIMpGVPzvBpMIbgUONJeB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d35b637a8f36cd9587ea6a45bc1f0a8_JaffaCakes118

Files

0d35b637a8f36cd9587ea6a45bc1f0a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4858f4cc9dcfd41a36586391e246e71c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
ExitProcess
GetLargestConsoleWindowSize
GetLocaleInfoA
GetPrivateProfileSectionA
GetVersionExA
IsBadHugeWritePtr
OpenMutexA
ReadConsoleA
WaitForMultipleObjects
WriteTapemark
lstrcmpi

advapi32

AdjustTokenPrivileges
CryptDestroyHash
CryptEncrypt
CryptVerifySignatureA
GetMultipleTrusteeOperationW
LookupAccountNameW
ObjectDeleteAuditAlarmW
RegEnumKeyA
RegEnumKeyExA
RegSaveKeyW
RegSetValueExA
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
StartServiceW

shell32

Control_RunDLL
Control_RunDLLA
DragQueryFileAorW
InternalExtractIconListA
SHFileOperationW
SHGetFileInfo
SheShortenPathA

gdi32

CreateColorSpaceA
CreateDCW
CreateDiscardableBitmap
GdiPlayJournal
GetWindowOrgEx
Pie
SelectClipPath
SetColorAdjustment
SetMagicColors
UpdateICMRegKeyA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE