b821da5d7ae1c47f0bbbecb176c461a9_JaffaCakes118 | Triage

Sharing

General

Target

b821da5d7ae1c47f0bbbecb176c461a9_JaffaCakes118
Size

132KB
MD5

b821da5d7ae1c47f0bbbecb176c461a9
SHA1

1bac86a722d1d62223f69c41a021b29f8db50523
SHA256

f3a7066136baba492696cc4de356d84122619be843eb031a47ecd3178c23fd86
SHA512

0f460cb465f49ea532ddb12c13ee3c9e80569ae19f30e45f4e460711a93bdaaaa7aed285dbb5cbe34738b14420eb4e4fa468a4848c6a1555dc18d9743e8c2a8d
SSDEEP

1536:s11f28awErDA48RfYICXBfuvS6bgAWJZFxLoeb8VLxnSc6x1sOspq1ava2:s11f28awLrRf7CUcLJZFpcxnSvsOz+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b821da5d7ae1c47f0bbbecb176c461a9_JaffaCakes118

Files

b821da5d7ae1c47f0bbbecb176c461a9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ea1e763d2e4a5c1426791838a1dc17e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlGetLongestNtPathLength
NtAllocateVirtualMemory
RtlNormalizeProcessParams
RtlGetDaclSecurityDescriptor
isxdigit
RtlGUIDFromString
DbgUiStopDebugging

kernel32

GetDiskFreeSpaceA
GetShortPathNameW
GetProcessHeap
lstrcpy
GetFileAttributesW
lstrlenA
QueryPerformanceFrequency
GetCPInfo
GetStartupInfoW
GetCommandLineA
SetThreadLocale

user32

EnumChildWindows
AppendMenuW
GetDlgItemTextA
DestroyIcon
PeekMessageA
InsertMenuW
CharNextW
DialogBoxIndirectParamW
GetMenuInfo
GetDC
ReleaseDC
MessageBoxA
CreateDialogParamA
RegisterWindowMessageA
CreateDialogIndirectParamW
SetScrollInfo
RegisterClassExA
PostQuitMessage
ShowCaret

gdi32

GetBitmapBits
SetBkMode
LineTo
TextOutW
CreateCompatibleBitmap

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ