21e9aa31a0962779eca6b315af03dfe9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21e9aa31a0962779eca6b315af03dfe9_JaffaCakes118
Size

180KB
MD5

21e9aa31a0962779eca6b315af03dfe9
SHA1

8e38cc69827bb356709aac2cc7c97bf400471047
SHA256

05510c0a1183e716f9830805516c2089c9c55bcce2728e0963549dab8dd27f8d
SHA512

9cfdb02ed52610beb342cabda1e67c14803cb64f5d7df7f7ad179140c3d9a794766712e81e6daa896b59c6f6e1735ff59c247da61798fd17bdfb8d8ec0a7812f
SSDEEP

3072:p7VgLN3ZkQ75sbeDtWEQUmOtP5zZrJ+sMyRrGEmqsIM8BuqCFX:pRYGewUmOt1qWRrGfqsJ8BuqC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e9aa31a0962779eca6b315af03dfe9_JaffaCakes118

Files

21e9aa31a0962779eca6b315af03dfe9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ecf28fd693de7c919b96de321b6060dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

VirtualProtectEx
RtlUnwind
GetThreadContext
GetCurrentThreadId
FlushInstructionCache
CreateFileW
WriteProcessMemory
WaitForSingleObject
GlobalUnlock
TlsSetValue
GetLastError
GlobalLock
GetVersionExW
LocalFree
HeapFree
GetTempPathW
ExitProcess
DeleteCriticalSection
InterlockedDecrement
GlobalAlloc
HeapAlloc
GetCurrentProcess
SetLocaleInfoW
DuplicateHandle
SetLastError
GetStartupInfoA
RaiseException
FormatMessageA
GetCommandLineA
InterlockedIncrement
GlobalFree
InterlockedExchange
GetFileSize
GetWindowsDirectoryW

rpcrt4

NdrByteCountPointerFree
UuidCreate
UuidToStringA
RpcStringFreeA

gdi32

GetObjectA
CreateCompatibleDC
SetMapMode
SelectPalette
UnrealizeObject
DeleteDC
SelectObject
BitBlt
RealizePalette
GetDeviceCaps

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ