bd5af72eb4b7f5763c4103071f4f6a02_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd5af72eb4b7f5763c4103071f4f6a02_JaffaCakes118
Size

636KB
MD5

bd5af72eb4b7f5763c4103071f4f6a02
SHA1

8d63e077e50cf8ea32a750312d7c232321c73f76
SHA256

177d1aa1357d78f893cad1ec9ff205285225529cf12937a544f1cfbb554f4aed
SHA512

e771611ccf0c4137606e04d37096c313f32f3f61cd83fc4ee57ffb9d6937f31153fa9b016294998b07a852c15b81d536b9bcb9dcb3a71c8e40a94d3f89531f93
SSDEEP

12288:maWbWxrYcOgLAxB7iX/IH2wfR9e3nOLdypJPONcgyvK9aLP1d9//:YCduvxB7ivwjfR96nHpJPJQaLv9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd5af72eb4b7f5763c4103071f4f6a02_JaffaCakes118

Files

bd5af72eb4b7f5763c4103071f4f6a02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5afb700e065b310f4352a471a99d6ee8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetAtomNameA
InterlockedExchange
LoadLibraryExA
VirtualProtect
GetCommandLineA
GetModuleHandleA
HeapCreate
GlobalUnlock
LocalSize
GetConsoleCP
lstrlenA
GetTickCount
GetSystemDefaultLangID
CloseHandle
WaitForMultipleObjects
HeapReAlloc
GetConsoleDisplayMode
GetVersion
CompareFileTime
SuspendThread
WaitForSingleObject

gdi32

CreateICA
CreatePalette
GetRgnBox
GetMetaFileA
GetFontData
FloodFill
DeleteDC
BeginPath
GetMetaRgn
GetStringBitmapA
DeleteObject
CreateFontA
EqualRgn
AbortPath
Escape
GetTextColor
EngLineTo
EndPath
Ellipse

rastapi

DeviceDone
AddPorts
DeviceListen
PortClose
DeviceConnect

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ