3ddd11c8a7a9dfb0c611a8d84d35a5d3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ddd11c8a7a9dfb0c611a8d84d35a5d3_JaffaCakes118
Size

144KB
MD5

3ddd11c8a7a9dfb0c611a8d84d35a5d3
SHA1

09fa2262d037479933c695de207bfef9b4d42d65
SHA256

f84895f1a9ff6440c10694932c9e97b6900e9e8d8fdcbf1737019ca50e098382
SHA512

94a5b589495bb2efd9ccb0d7bf52174746c15bc11330ee6740d12142b53d8bd6d898a0fded2a7f949b4c4fe9904be5e8089648a5cd24a143a043f0a770fab0da
SSDEEP

3072:1WZ65jV6Exqct3+I/WtHXedJ5CbSxOtkwTIzbx4L1f6rjGz0X:Qs5jV6EII/WJykbCO9I/ayez0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ddd11c8a7a9dfb0c611a8d84d35a5d3_JaffaCakes118

Files

3ddd11c8a7a9dfb0c611a8d84d35a5d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6b84610d595fea9c0a5e7cd16512087

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
DeleteTimerQueueEx
SetLocalTime
HeapFree
_hread
BackupWrite
GetLocaleInfoA
GetLogicalDrives
WaitCommEvent
GetModuleHandleA
UnregisterWaitEx
EnumSystemLocalesW
GetExitCodeProcess
GetStartupInfoA
LoadLibraryExW

msvcrt

_mbsnbicmp
_controlfp
__setusermatherr
__set_app_type
_setmbcp
signal
_mbcjmstojis
_except_handler3
_mbstrlen
exit
__getmainargs
__p__fmode
_initterm
_acmdln
_adjust_fdiv
_XcptFilter
_vsnprintf
__p__commode
_wmakepath
_exit

user32

NotifyWinEvent
CreateWindowExW
EnumDesktopWindows
EndTask
IsCharUpperA
DrawTextExA

gdi32

SetRectRgn
SetFontEnumeration
CreateFontIndirectExW

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ