24600666569f995f3aacbc734aa183d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24600666569f995f3aacbc734aa183d9_JaffaCakes118
Size

17KB
MD5

24600666569f995f3aacbc734aa183d9
SHA1

fcd6733bf0006748f3cdcfa449a815a97fb92aee
SHA256

42b2e6b8a5baf160b79fd0b16ca077da50ed1fbdc570016050cf0e4a2324e70b
SHA512

ee807ce536e26692b4997ad5262df48c0a3b3fc3832dc4e53b9ba6a9c98ba0832eb328e2b8c4ac9bb4c20b201468f6bad92182944cab4985fc44c1cefbb2707d
SSDEEP

192:6mMkmc2M20fadxI9MLDDG/mDMHIP8DX8aYwdbU2E26/hp/:jmBJcqDDImQlnYwVp96Zp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24600666569f995f3aacbc734aa183d9_JaffaCakes118

Files

24600666569f995f3aacbc734aa183d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72a4b89857be3d93b093351bc3c05a0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetTickCount
GetAtomNameA
GetSystemDefaultLangID
CompareFileTime
SuspendThread
GetVersion
InterlockedExchange
HeapReAlloc
GetConsoleCP
CloseHandle
HeapCreate
GlobalUnlock
LoadLibraryExA
GetCommandLineA
VirtualProtect
WaitForMultipleObjects
LocalSize
lstrlenA
GetConsoleDisplayMode
GetModuleHandleA

gdi32

EngLineTo
GetRgnBox
Escape
CreatePalette
GetStringBitmapA
DeleteDC
GetMetaFileA
EndPath
Ellipse
CreateFontA
GetMetaRgn
CreateICA
GetTextColor
DeleteObject
FloodFill
AbortPath
EqualRgn
GetFontData
BeginPath

rastapi

DeviceConnect
DeviceDone
DeviceListen
AddPorts
PortClose

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ