3453c99cac39e93c2b071080cd87616e_JaffaCakes118 | Triage

Sharing

General

Target

3453c99cac39e93c2b071080cd87616e_JaffaCakes118
Size

19KB
MD5

3453c99cac39e93c2b071080cd87616e
SHA1

0f8823d638b2bd96a5d6f3902cbb5256442c7aab
SHA256

61dcb816964a07977c5a4a4ee15b13428c833b64854f311542e35bf482ff1c76
SHA512

faebf9d467b66746e7b44555eca56a69bb6cb07320f85d108b21ceb5f9a9f354fd94ac6af5ac44dc62af7b9d037856e74027f5b3936afc4dd63b2d586dbb0ee9
SSDEEP

384:dqku5bf+GTPhGws48mz0QDpZ83hHbq3UZg3pLv/H7knoQk:dqJJf9/sUwQDk3hHmgq3HQoQk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3453c99cac39e93c2b071080cd87616e_JaffaCakes118

Files

3453c99cac39e93c2b071080cd87616e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67cbfaa31c741dedf4ad002909a06625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatA
GetConsoleKeyboardLayoutNameW
GetWindowsDirectoryW
GetConsoleAliasExesLengthA
GetBinaryTypeA
GetWindowsDirectoryW
GetLogicalDriveStringsA
OpenWaitableTimerA
EnumDateFormatsExA
GetConsoleCommandHistoryA
GetCurrentDirectoryA
GetLongPathNameA
SetLocaleInfoA

user32

SetWindowsHookA
EnumWindowStationsA
LoadMenuIndirectA
DrawTextExW
SetPropA

gdi32

LineDDA
GetCharABCWidthsA
GetTextFaceA
GetKerningPairsW
GetICMProfileA
GetKerningPairsW
GetObjectA

Sections

.fasm
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 822B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ