830b50744125ae7ea32f3124eed47ed9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

830b50744125ae7ea32f3124eed47ed9_JaffaCakes118
Size

30KB
MD5

830b50744125ae7ea32f3124eed47ed9
SHA1

97263e6b14d027119107d6deb7650295cc2da0c6
SHA256

3970fa65f3ba7755aa33092b2ac32321b167745694263917058ef37b51601df2
SHA512

328a16a03c4b050c51d548ceb285395f2415ad953996c4bd09f0967b633f9f8172c5965f87d25c780723a55956791bd9d6dea93074788c7c5d285abf77fe1304
SSDEEP

384:wQCTJGqYg/6Tf2ZmCfhjvfUBdBXXSBwmkxUXvjiE5j6SlI3hMiHZZQEjRI15BY:xCtGqYG2eZHhjEHSBIUXvP9iM6ZjIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
830b50744125ae7ea32f3124eed47ed9_JaffaCakes118

Files

830b50744125ae7ea32f3124eed47ed9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4b790bcc8771d4b345553eecfc5cdfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekConsoleInputA
LoadLibraryA

ntdll

RtlReadOutOfProcessMemoryStream

user32

ReuseDDElParam

ole32

CoGetInstanceFromFile

advapi32

ConvertSDToStringSDRootDomainA
RegOpenKeyExW

gdi32

SetPixel
SetMapperFlags
SetDCBrushColor
SetBitmapBits
SetArcDirection
SetTextAlign
InvertRgn
GetTextColor
GetClipRgn
GetBkMode
ExtSelectClipRgn
EnumObjects
SetTextCharacterExtra
RemoveFontMemResourceEx
BeginPath
BitBlt
Chord
CreateCompatibleBitmap
CreateRoundRectRgn
DeleteDC
DeleteObject

rasapi32

RasQuerySharedConnection

cfgmgr32

CM_Setup_DevNode

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE