388bf28c08d95537e6d62e9abcac68d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

388bf28c08d95537e6d62e9abcac68d7_JaffaCakes118
Size

182KB
MD5

388bf28c08d95537e6d62e9abcac68d7
SHA1

645be390ff8ecaa4c4cbd88bac429e7dd7616bd5
SHA256

d3fea51f86d38e80f801716782f7c617ffd897d328f4f0e8094f0289b2490b72
SHA512

a11a49171e7b9346b98952c5001d78046579d64926046cc14c6c5d3858c91893c29ec82a68365525c0c45872bbefd1285435798ca32bf229c197df904a8a3070
SSDEEP

3072:5jlzNUVteqPx9jnZSh1jHfdXYQzQdfmRuFnhBIkOHGXP+rN/2sObGPhnxMoV1Myi:HzNUveq3ZMDmzgRuFEHA+rN/WbGP7HiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
388bf28c08d95537e6d62e9abcac68d7_JaffaCakes118

Files

388bf28c08d95537e6d62e9abcac68d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4b5be371cdbbe3aacb245829ed0a2f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance

msimg32

AlphaBlend
TransparentBlt

rpcrt4

I_RpcFreeBuffer
UuidCreate

kernel32

FlushInstructionCache
LocalFree
LocalAlloc
ExitProcess
ExitProcess
SetLocaleInfoW
GetVersionExA
LoadLibraryW
GetModuleFileNameA

winmm

timeGetTime

gdi32

StretchBlt
CreateCompatibleDC
DeleteDC
GetObjectType
CreateDCW
CreatePen
SelectObject
CreateDIBSection
LineTo
SetStretchBltMode
BitBlt
CreateBitmap

comctl32

ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter

user32

ClipCursor
RedrawWindow
TrackPopupMenuEx
FindWindowA
CreatePopupMenu
DestroyMenu
GetDesktopWindow

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ