20c2130c99b1ad7d1628e3f9e3c849fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c2130c99b1ad7d1628e3f9e3c849fe_JaffaCakes118
Size

227KB
MD5

20c2130c99b1ad7d1628e3f9e3c849fe
SHA1

787cb849a5d70b5d5a523b7d91d7e75c50851552
SHA256

97e0b9b9f7676e31ba2bb2a17f0b9545682b9a7ad978621ca325bad829d3e392
SHA512

f491ceadd8436701d8a794e8f7ab5db23d2d2fac5a652bebe7a7ded69870ab70b1e6f007a38229c1f6e0746c6bde42a8e1774ebf1a7a1ded60d7dca94f50119a
SSDEEP

6144:8R77opUshkEntBysx8jNkZyHxmRykLXlnZC3Km:8RXopbhk4tBEjdxE77lZC31

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20c2130c99b1ad7d1628e3f9e3c849fe_JaffaCakes118

Files

20c2130c99b1ad7d1628e3f9e3c849fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a5e1604ee9db9bfbf6d422258c20d6ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BuildCommDCBAndTimeoutsA
ExitProcess
GetSystemTime
GetThreadLocale
Heap32ListFirst
HeapReAlloc
OpenSemaphoreA
RemoveDirectoryW
SetCalendarInfoW
SetCommBreak
SetProcessShutdownParameters
lstrcatW
lstrcmpW

advapi32

CryptHashData
DeleteService
DeregisterEventSource
GetNamedSecurityInfoW
GetPrivateObjectSecurity
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
OpenBackupEventLogA
RegFlushKey
SetKernelObjectSecurity
SetNamedSecurityInfoExW
StartServiceCtrlDispatcherA

gdi32

CheckColorsInGamut
CreateBitmap
CreateDCA
CreateScalableFontResourceW
DeleteColorSpace
EnumICMProfilesW
GetAspectRatioFilterEx
PaintRgn
PolyPolygon
SetColorAdjustment
SetEnhMetaFileBits
SetWorldTransform

Sections

.text
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ