491e29c75d80614d325e54d4e4eb3a75_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

491e29c75d80614d325e54d4e4eb3a75_JaffaCakes118
Size

404KB
MD5

491e29c75d80614d325e54d4e4eb3a75
SHA1

a7b169d561b871c567479df69dbca314f9a0c391
SHA256

5282359650583b5f960b884b8380a13c646feb43b6203b78f60c9709bb6fd2ce
SHA512

48be93017591a876c8a8c114bab6bf2ef09e704c2d7cd44825ca62b3fcd512bcfd6e51ab80da7dace7260de12131c533606e7d457f78860f84abc27eef2b889c
SSDEEP

12288:LVAq6CkIgWuvXa236tOWdiOPQTbt/lMSsbY5USQ:JuJIlYaDOWdiqchlMSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491e29c75d80614d325e54d4e4eb3a75_JaffaCakes118

Files

491e29c75d80614d325e54d4e4eb3a75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d71724b321a9d70e59004abf3ab559d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleInputExeNameA
GetStdHandle
LoadLibraryExA
VirtualFreeEx
GetProcessPriorityBoost
GetOverlappedResult
WriteConsoleInputVDMA
CreateProcessInternalW
SetFileApisToOEM
TerminateJobObject
FreeVirtualBuffer
QueryDosDeviceA
Sleep
VirtualUnlock
ReadConsoleInputExW

gdi32

EngUnlockSurface
PlayEnhMetaFile
DdEntry38
GdiAddFontResourceW
GdiDrawStream
StrokePath
GetFontData
DdEntry10
ScaleViewportExtEx
CloseMetaFile
CLIPOBJ_cEnumStart
GetDeviceGammaRamp
DdEntry44
CloseEnhMetaFile
EngGetCurrentCodePage
GdiPlayJournal
GdiGetBatchLimit
CreatePen
ClearBitmapAttributes

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ