4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118 | Triage

Sharing

General

Target

4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118
Size

371KB
MD5

4866fc7e9ec5e1527931e54a98116a1c
SHA1

8f69166896157380565d7beea5bf6061e2ceb043
SHA256

ab1849e3e1d1d6a4573a2812ac764dad1e3f35ca9b9cb4ee10703305fff3d523
SHA512

19c1782e7438834e86ac2db68178a7fcd9b16f1ee33dfd717613624199a844c4a06bc34bc18aeeeb6f89a2e6c9c88536cc312c0b4dbcc6a77020d5e92575c743
SSDEEP

6144:nCuOCgRcak24bbOHAtBccV4CB8j7UIGMNx2D1lOLW+9qLycc1FcuajxJ:CuOCHak24Wgmc8j7Usv2Xx+9q+D1F+jL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118

Files

4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd9efba2b7cf3aa89c43524d3009e943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
ExitProcess
GetCurrentProcessId
GetLogicalDriveStringsW
GetUserDefaultLCID
SetFileAttributesW
VirtualAlloc
GetCommandLineW
GlobalFlags
SetEnvironmentVariableW
FindResourceExA
GetModuleHandleW

gdi32

SetBrushOrgEx
ResizePalette
SetBitmapBits
GetRegionData
SetTextJustification
GetTextMetricsA
CreateSolidBrush
CreateRectRgnIndirect
ArcTo
GetWindowOrgEx
ResetDCA
Ellipse
CreateFontIndirectA

activeds

ord25
ord23
ord20
ord5
ord13
ord3
ord15
ord6
ord26
ord27

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 79KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 102KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 102KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ