8b5871f3ef7907a29ab3d351b705757c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b5871f3ef7907a29ab3d351b705757c_JaffaCakes118
Size

226KB
MD5

8b5871f3ef7907a29ab3d351b705757c
SHA1

cd2f26833d6c1b6d441cf08f46224a5371bb7db8
SHA256

b3d420992fc32a75014f4a85f5e361e479f6c526c70c6b925a8469e34d92e9e8
SHA512

3af4b869ee859d8d01d680ededf108c337447d1fc3cf986eacfff0f497e742583347b4ea7f1c688d042ca1a454fdb0d564556a4fdbe25520c6833eca55d85ef4
SSDEEP

3072:fvtHKFWJ7EG4h1QIoQxOIyjDKLYFOXrHKhCbyo1LTDh49ZygHvacW30hnbpFEQEa:FKTRSIoQofQGhCWSpN10hsQ1qi5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b5871f3ef7907a29ab3d351b705757c_JaffaCakes118

Files

8b5871f3ef7907a29ab3d351b705757c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2358f67e41fede3399d87733f6bb1b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BackupSeek
ExitProcess
GetEnvironmentStringsW
GlobalSize
InitializeCriticalSection
IsBadStringPtrW
QueryPerformanceFrequency
ReadConsoleOutputAttribute
SetupComm
SystemTimeToFileTime
VirtualFreeEx

advapi32

AddAuditAccessAce
CryptContextAddRef
CryptReleaseContext
CryptSetProviderA
CryptSetProviderW
GetMultipleTrusteeOperationA
InitiateSystemShutdownA
OpenBackupEventLogW
RegisterEventSourceA
SetEntriesInAuditListA
SetServiceObjectSecurity

gdi32

CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateEllipticRgnIndirect
DeleteDC
GetCharWidthA
GetEnhMetaFileDescriptionW
GetROP2
GetStockObject
GetTextExtentPoint32W
SelectClipRgn
SetDIBColorTable
UpdateColors
gdiPlaySpoolStream

Sections

.text
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 223KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ