ae1b669f93ac36f2c98fadf344b97062_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae1b669f93ac36f2c98fadf344b97062_JaffaCakes118
Size

31KB
MD5

ae1b669f93ac36f2c98fadf344b97062
SHA1

2855f63f40902d0fe699995447391c9b95ae1817
SHA256

41bdc04361cfc2e98cf599f4a734b535a3133d9cb6f50aeb236b515b820c4dc2
SHA512

14aa9544956c82caf6b9c9472cbf0ed976fa790f39283c67bde7afeed28ca208fdb94b70908b19785ea229b30c8e1bea5cf61a47219ec7d5f68d8f065271364f
SSDEEP

768:n2P9++nCCJKk9QdqJVI/HOTtBHbLziJY8U/9G1:n2V++nCCJXQdqUvOTtVLz0Y8S9g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae1b669f93ac36f2c98fadf344b97062_JaffaCakes118

Files

ae1b669f93ac36f2c98fadf344b97062_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f15a1fd3dbd23f2f52ac1baf075144f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileIntW
EnumDateFormatsA
OpenSemaphoreW
lstrcatA
OpenEventA
GetVolumeInformationW
CommConfigDialogW
FormatMessageA

user32

GetAltTabInfoA
FindWindowA
LoadIconA
SendDlgItemMessageA
GetWindowLongA
LoadMenuA

gdi32

CreateFontA
EnumICMProfilesW
GetCharacterPlacementA
DeviceCapabilitiesExA
CopyEnhMetaFileW
GetTextExtentPoint32A
GetTextMetricsA

Sections

.code
Size: 23KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.��
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 683B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ