973338acbee78f158f89e2f5c6d177da_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

973338acbee78f158f89e2f5c6d177da_JaffaCakes118
Size

17KB
MD5

973338acbee78f158f89e2f5c6d177da
SHA1

d27e1ff72a01233b7a7458a12ccbbd41dde5c9d7
SHA256

1b303e9933b436fc9967254509cc43dd88dec47ac3cc3729fda3fb422cff6998
SHA512

f16cfd2c64a7af41d0ffbd622041ebc07a3fe5993cb2ef6091bc0ca5abe800f74ac2b372c29aadf80dc8e72457d29fb43695c0eda1af129a22a4c5b56e757aa6
SSDEEP

384:fM++fuFo8bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbB:fsIbbbbbbbbbbbbbbbbbbbbbbbbbbbbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
973338acbee78f158f89e2f5c6d177da_JaffaCakes118

Files

973338acbee78f158f89e2f5c6d177da_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0537f6ca5afac2bd531d50c19acdb4f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapReAlloc
GetCommandLineA
GetVersion
LocalSize
SuspendThread
WaitForMultipleObjects
GetTickCount
GetAtomNameA
GetModuleHandleA
VirtualProtect
GetConsoleCP
GlobalUnlock
InterlockedExchange
GetConsoleDisplayMode
lstrlenA
WaitForSingleObject
GetSystemDefaultLangID
HeapCreate
CompareFileTime
LoadLibraryExA

gdi32

DeleteObject
EngLineTo
GetRgnBox
AbortPath
GetMetaFileA
GetFontData
GetTextColor
EndPath
Escape
Ellipse
GetMetaRgn
DeleteDC
EqualRgn
CreatePalette
CreateFontA
GetStringBitmapA
BeginPath
CreateICA
FloodFill

rastapi

AddPorts
DeviceDone
PortClose
DeviceConnect
DeviceListen

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ