b69a4a59ec1ce3d1fcad92e9852a566d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b69a4a59ec1ce3d1fcad92e9852a566d_JaffaCakes118
Size

93KB
MD5

b69a4a59ec1ce3d1fcad92e9852a566d
SHA1

fbc5de164c6f4bf8bfb925c77b0f9dac78239e6c
SHA256

684c1ced7fa70c4c7b7bd535d9cdc09ceae7d75988908ba4eafcea4144e7e3f5
SHA512

0d5fe75f3bd3188203fcb1d01de05103c504e5e7ef3a13fc595b22be3d1465eadd9e0ae677292e3f7ed2c029ce4810429585d8af745623fcac425df1604ec26c
SSDEEP

1536:XpLGkz8jtcaJdoCArphksBBpx5wgHYPlYRyjWnoDLWa8UZMEFIRYwZo7S:XU5cZrpawpjwQY9qnILV80M3YwZo7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69a4a59ec1ce3d1fcad92e9852a566d_JaffaCakes118

Files

b69a4a59ec1ce3d1fcad92e9852a566d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

119441d0c66a6bd155fab0ff0e201a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError

ntdll

RtlFirstFreeAce
RtlAddAuditAccessObjectAce
RtlCreateQueryDebugBuffer
RtlxAnsiStringToUnicodeSize
RtlQueryHeapInformation
RtlGetCurrentPeb
RtlFindCharInUnicodeString

user32

PaintDesktop

advapi32

SetPrivateObjectSecurity

gdi32

GetNearestPaletteIndex
GetFontLanguageInfo
GetFontData
GetBitmapBits
FloodFill
FillRgn
EndPath
GetROP2
StrokePath
SetTextCharacterExtra
SetROP2
SetPixelV
SetDCBrushColor
SelectPalette
PtVisible
PathToRegion
OffsetClipRgn
GdiTransparentBlt
CreateRoundRectRgn
CloseMetaFile
CreatePatternBrush
CreateRectRgn
DeleteDC
InvertRgn

oleaut32

RegisterTypeLibForUser

rasdlg

RasPhonebookDlgW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ