6abbe9442274d47d9ef23bcefd3bb2dd_JaffaCakes118 | Triage

Sharing

General

Target

6abbe9442274d47d9ef23bcefd3bb2dd_JaffaCakes118
Size

225KB
MD5

6abbe9442274d47d9ef23bcefd3bb2dd
SHA1

b66b6e56a49d51adffa4e24096e6ca19d2ff9add
SHA256

256c500c86bba6eb16d2587c7783085a8759aa7502f7625d71d39b9877ab4267
SHA512

b2140756398dc517452c5496a0f001fba6e9e3c6f9ff8050c02eb0ca4458ec3ba9791104f42d3690e2fbede5bb7bde4afa4ed20d5cc60980e6b54329c2777c91
SSDEEP

3072:u+t2j0u5Z7G0Q72OsFo5zffiIWdjTHQ6jCVIATwBEfDI2r9YMimYHMP:u+Y02Z7G05Fo569THBCVzTwEDI2m7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6abbe9442274d47d9ef23bcefd3bb2dd_JaffaCakes118

Files

6abbe9442274d47d9ef23bcefd3bb2dd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c6310e7c6aa8b9c9dd9fb58bf4510d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRandom

gdi32

DeleteDC
DeleteObject
ExtTextOutA
ExtTextOutW
GetCharacterPlacementA
GetCharacterPlacementW
GetCurrentObject
CreateCompatibleDC
GetFontLanguageInfo
GetGlyphOutlineA
GetGlyphOutlineW
GetObjectA
GetObjectW
GetOutlineTextMetricsA
CreateDIBSection
GetTextMetricsA
GetTextMetricsW
MoveToEx
CreateFontIndirectA
CreateFontIndirectW
SelectObject
SetBkColor
SetBkMode
SetMapMode
SetTextAlign
SetTextColor
TranslateCharsetInfo

user32

SendMessageW

advapi32

CreateWellKnownSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerExA
CheckTokenMembership
SetServiceStatus

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ