196909fb26a64b9f26fc18b74088e743_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

196909fb26a64b9f26fc18b74088e743_JaffaCakes118
Size

33KB
MD5

196909fb26a64b9f26fc18b74088e743
SHA1

da34d8c0e56a15b19ed6f8a788c436e57fd76275
SHA256

241093c5b7cb530bb323a0a2c29f698b82957b813a84e01367eafda010a2fa5c
SHA512

c1d2546bf16fc59058d8df2c7445f705096d4ef8076d3ab8bb970dbfcab485963b5a2b8482e1e227e95186c83e7c50e085d525ab1abdc5deb81d5b47cb10066e
SSDEEP

768:ZXXyJ3g4vtWUf/ro3hND+ZSwy0bPOJllFZBr:piJVvtXkNJwnDEVr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
196909fb26a64b9f26fc18b74088e743_JaffaCakes118

Files

196909fb26a64b9f26fc18b74088e743_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3f615bcc1295ff62fa061abb3a9cd4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetThreadSelectorEntry
ExitProcess
GetModuleHandleA
GetCommandLineA
GetCPInfoExA
GetCurrentProcess
GetPrivateProfileStringW
HeapAlloc
CreateThread
EndUpdateResourceW
_hwrite
FreeResource
GetProcessHeap
EnumTimeFormatsW

msvcrt

_heapset
_cputs
_mbctype
srand
_fcloseall

user32

DdeInitializeA

gdi32

GetSystemPaletteEntries
GdiSetLastError
SetMetaRgn
RoundRect
GetDeviceCaps
SetROP2
CreateFontIndirectA
CreateRoundRectRgn
CreateDIBPatternBrush
EndPage
EnumFontsA

ole32

CoFileTimeNow
PropVariantCopy

advapi32

EqualPrefixSid
QueryServiceLockStatusA
GetNumberOfEventLogRecords
IsValidAcl
MakeSelfRelativeSD
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ