a99378e792f60b6032526c0a9f019e72_JaffaCakes118 | Triage

Sharing

General

Target

a99378e792f60b6032526c0a9f019e72_JaffaCakes118
Size

202KB
MD5

a99378e792f60b6032526c0a9f019e72
SHA1

5a276949a469a01d2af2b1b5d873ba1cb60a42a2
SHA256

0241e3571036f05e5984a901e9cf184449e8ece1f9868d90fd02091c976be3aa
SHA512

29e8e7702f0daf2aad13b1803d3dd4d5fb63600cf31c73a73ada1ac6ef7dbcee376816d3ce931f80fc73fec2314baeb137511cf2de9de6aba7cce40b7d8f0b10
SSDEEP

3072:Av3QovURLz2rkxSGQ7gtk3RPT+JtXrw4/v9mxxRniAKhyXlasViDV3eFM+RsR:Mvvtrkx9StRPTUnYo8sh+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a99378e792f60b6032526c0a9f019e72_JaffaCakes118

Files

a99378e792f60b6032526c0a9f019e72_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ee967a21a154e8d19ca827858257bd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
GetEnvironmentVariableA
GetStringTypeW

user32

DefDlgProcA

gdi32

ExtFloodFill
GetMetaRgn

advapi32

LsaFreeMemory
GetUserNameW

Exports

Exports

cxjgwhapynldw
thhjkhljpctfe
tqemhhdreayweti

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ