86c9f26650955a8c8461f146e50a7dfc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86c9f26650955a8c8461f146e50a7dfc_JaffaCakes118
Size

636KB
MD5

86c9f26650955a8c8461f146e50a7dfc
SHA1

4b7bb94bdfd6ebe861e4710e0cfa67908c5bd9b5
SHA256

d06acb5a4c4ad2689fdecc8427a86678f3fe288e446393cf4c01694039a1161f
SHA512

892ffc185f8aaec364312df491cb0bb4daca205c5306b814baa087e50eb4757deccce0e50e2efdd6b09923a9185e6a215adee7c0a2f610567a2561cea2f44f08
SSDEEP

12288:0I7jpS31ZxKSpzluJzNo15jH78WtvspyjriT/bmUH4Cu:DjcZxKcUt2JH7ztdmTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86c9f26650955a8c8461f146e50a7dfc_JaffaCakes118

Files

86c9f26650955a8c8461f146e50a7dfc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb6739ab2cbae1c5629beda224a0c3fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
HeapReAlloc
WaitForMultipleObjects
GetVersion
SuspendThread
GetStdHandle
HeapCreate
VirtualProtect
CompareFileTime
lstrlenA
LoadLibraryExA
GlobalUnlock
LocalSize
GetSystemDefaultLangID
InterlockedExchange
GetAtomNameA
GetTickCount
GetConsoleCP
CloseHandle
GetModuleHandleA
GetCommandLineA

gdi32

CreateICA
GetMetaRgn
GetFontData
DeleteObject
EndPath
CreateFontA
Ellipse
GetTextColor
AbortPath
CreatePalette
FloodFill
EqualRgn
GetStringBitmapA
BeginPath
DeleteDC
Escape
EngLineTo
GetMetaFileA
GetRgnBox

winmm

auxSetVolume
PlaySoundA
OpenDriver
auxGetVolume
CloseDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ