20c9fba1052cee130ce409dce9b1a7f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c9fba1052cee130ce409dce9b1a7f9_JaffaCakes118
Size

401KB
MD5

20c9fba1052cee130ce409dce9b1a7f9
SHA1

c643bee92370caa455faa6431ea3b8e923587776
SHA256

5d140ac04cca3f7214e81270fff2b713c46a1b8d8115af241972c51b344f8fc5
SHA512

f2b3927819a972e4fb1b8877e1d74cc5022d71546050cda431fa9b48c8f459cdb8a06aa929f5b0ca994063080234546216618820f49811deabe8840ab398cc1a
SSDEEP

12288:a2xUmKqYkFYzI8WhB39UZmMimJveUwFkMd/KWZv:7v3YkfTEDnyVZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20c9fba1052cee130ce409dce9b1a7f9_JaffaCakes118

Files

20c9fba1052cee130ce409dce9b1a7f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1be2ec95182857599a86a7f709940137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_spawnvp
_ismbbtrail
_findfirst64
_amsg_exit
wcscoll
_endthread
__p__wpgmptr
__initenv
_mbstok
_chdir

kernel32

EnumDateFormatsW
GetCommandLineA
GetStartupInfoA
GetFileAttributesExW
GetDevicePowerState
SetEvent
FreeLibraryAndExitThread
FindNextChangeNotification
GetModuleHandleA
VirtualProtect
GetNamedPipeHandleStateA
WritePrivateProfileStringA
SetThreadPriority
ReadConsoleInputW
GetFileTime
SetEnvironmentVariableA
GetCommandLineA

advapi32

SystemFunction020
RegEnumValueW
EncryptFileW
SetPrivateObjectSecurity
OpenServiceA
SystemFunction028
AllocateAndInitializeSid
LsaFreeMemory
RegCreateKeyExW

gdi32

ExtCreatePen
GetDIBits
GetFontUnicodeRanges
OffsetWindowOrgEx
CreateDIBitmap

user32

DdeConnectList
CreateDesktopA
EditWndProc
GrayStringW
OpenIcon
SetWindowWord
DestroyCaret
SetWindowContextHelpId

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ