8bfba73abf80f82b3a9178445ac3ab4a_JaffaCakes118 | Triage

Sharing

General

Target

8bfba73abf80f82b3a9178445ac3ab4a_JaffaCakes118
Size

153KB
MD5

8bfba73abf80f82b3a9178445ac3ab4a
SHA1

dd9a16411ae02872f3832e99785c2ef912591c8a
SHA256

cf099ac960f77d28df558715a9337ef0e4dbf0564de4185e8ffb5bd7a9e6eb7e
SHA512

6e8e7ec85cdb61ec3496e75ec91b56b245e14b56fa53bbf15e1940e7d9407f0dddb08d669bc3219ee3c3386f780af1100c49fbf2df79a339ab9438a0b1236a4a
SSDEEP

3072:mzFLUMbdpg8AkTjCe2ccV0mm8M7h4Nlw9yDbVB2E9Bjemd1sAByjsxzld9a0ycI:mzFgydKgCBVFml4bZXb3rAs99a0yT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bfba73abf80f82b3a9178445ac3ab4a_JaffaCakes118

Files

8bfba73abf80f82b3a9178445ac3ab4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65a827e597ac8c1754f86ab7af901660

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError

ntdll

RtlDeleteSecurityObject

user32

LoadBitmapA
WindowFromDC

advapi32

RegEnumValueA
RegQueryMultipleValuesA

gdi32

OffsetRgn
GetPath
GetMetaRgn
GetLayout
GetDCPenColor
GdiSetBatchLimit
PathToRegion
WidenPath
UpdateColors
StrokePath
SetMapperFlags
RestoreDC
FlattenPath
Pie
BitBlt
CreateDiscardableBitmap
CreatePolyPolygonRgn
RemoveFontResourceW

msimg32

TransparentBlt

netapi32

NetQueryDisplayInformation

rtm

RtmAddRouteToDest

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ