760d03b2fabf10160457fc69c04c1811_JaffaCakes118 | Triage

Sharing

General

Target

760d03b2fabf10160457fc69c04c1811_JaffaCakes118
Size

125KB
MD5

760d03b2fabf10160457fc69c04c1811
SHA1

1718a5df27d1728c8096b1dfc3dc09e672bd2566
SHA256

3e00f5d38d2b6fa86ed67c04f05303b08ee764aab115acffa6afe9e5071f9d0a
SHA512

18203582acdc8c0762a35acfa97cc8113d597e9c3369be9e3e7059ae1a24aaf1d3632a9f26339afa1ac0517b57aaf75920826216c317bc68a369db1cebf26c31
SSDEEP

1536:uRIBaV6G9tHhXji5JcdDZu5h6XJ8cnhmjjrKZyPA4eTXvPG0Lej8:+IBaV6G9tHlGAM5h6ZWfJg7X7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
760d03b2fabf10160457fc69c04c1811_JaffaCakes118

Files

760d03b2fabf10160457fc69c04c1811_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8ae07c1d10cb1701abd8da7ea40640c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcess
IsBadReadPtr
lstrcmpiA
TerminateProcess
GetProcAddress
CancelTimerQueueTimer
CreateIoCompletionPort
FreeEnvironmentStringsW
LoadLibraryA
SetCurrentDirectoryA

user32

CallMsgFilter

gdi32

GetCurrentPositionEx
ExtFloodFill
LineTo
BitBlt

advapi32

StartServiceW

Exports

Exports

kostljgzz
nccclfvubxa
pcpffrlpkhn

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ