3c9c0af9ad9114d96f95a5977687f27b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c9c0af9ad9114d96f95a5977687f27b_JaffaCakes118
Size

68KB
MD5

3c9c0af9ad9114d96f95a5977687f27b
SHA1

0e0dc510cdbf2d7b7eb4567b51ede792190a5e83
SHA256

365ee4adb68b750211f944601e094e3e5b901a3f03ff85fd36ca423175265ece
SHA512

3ba4bab5bd519f8ba6f6f29421481e1e3712eca16ab00ed54ffc5a73e79e0bca6b71f46c57845a474f41bdf8fa84044e835a9de79e6b2f4065339bb7f601298b
SSDEEP

1536:W6PI8Ng+drGUyHmOYdsZr1cD6zNvReAr+rgioCoWcSJ:tPIGlrGl/YuYD65R7hbCoWcq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c9c0af9ad9114d96f95a5977687f27b_JaffaCakes118

Files

3c9c0af9ad9114d96f95a5977687f27b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd5bf7fa562f5261f9d1eec4ad30a6da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
LoadLibraryA
GetCurrentProcess
VirtualAlloc
GetProcessHeap
HeapAlloc
lstrcmpiA
GetStringTypeW
CreateFiberEx
FreeEnvironmentStringsW
TerminateProcess
GetProcAddress

user32

AnimateWindow

gdi32

OffsetClipRgn
GetMetaRgn
ExtFloodFill
CombineTransform
SetGraphicsMode

advapi32

GetServiceDisplayNameA
StartServiceW

Exports

Exports

nqfltkokfv
poswdipckvk
yibrimressdwfwb

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ