b6cde96ee2e855acf72104160167d1b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6cde96ee2e855acf72104160167d1b1_JaffaCakes118
Size

160KB
MD5

b6cde96ee2e855acf72104160167d1b1
SHA1

b65e89eab398a5a4fe2dd9a4b442398fa9e1120a
SHA256

aa84ec746066c1162bbd6574da39bd4d1cf1e20a643ef01d882635200d0ca341
SHA512

825228bc80396bbc5b3a5cf41014735ab9d48a493462eb16db7514d1ed4e353c75b387bd89fd1e7c9d740d77e460524b9c6cbb8745ec7ab833f2258931dd0838
SSDEEP

3072:0oNi1cx2mH37OaV+1JMfKuZCY7RWFc1duK9ZH1cXrPmcDZjQIAOlhLA79zn9JWJ:0Nx47V8ACJo0Fc1duKdcjcIbk79P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6cde96ee2e855acf72104160167d1b1_JaffaCakes118

Files

b6cde96ee2e855acf72104160167d1b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb72d5fed073d87fd6b71e95abe2d3f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
SetVolumeLabelW
SetVolumeLabelA
SetFileValidData
CloseHandle

ntdll

RtlCreateQueryDebugBuffer
RtlEnlargedUnsignedMultiply
RtlIsTextUnicode

ole32

CoCreateInstance

advapi32

ReadEncryptedFileRaw

gdi32

AddFontResourceW
FillRgn
FillPath
DeleteObject
CreateEllipticRgn
CreateDIBPatternBrushPt
BitBlt
GetFontLanguageInfo
PtVisible
SetDCPenColor
SetTextJustification
SetTextAlign
SetMapperFlags
GetDeviceCaps

shell32

SHSetInstanceExplorer

cryptdll

CDRegisterCSystem

Exports

Exports

SjZVXN
srWbu

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ