ba4252d4f00d15127e386f4a3ccd4885_JaffaCakes118 | Triage

Sharing

General

Target

ba4252d4f00d15127e386f4a3ccd4885_JaffaCakes118
Size

325KB
MD5

ba4252d4f00d15127e386f4a3ccd4885
SHA1

8dc5e087a3f95225993b78e07152b1a4a55fd909
SHA256

05f326f68307faf3badf6964e3d1d3af22d1ee9cf09fe03305e248b0707bfd9e
SHA512

341db17117571d8453547b5931655b1e404c579bed17a9c362f9645f23aec04d0c6449de98e1ce601881be25bcf917a8858a992be366ee60d23b8f41ee71e324
SSDEEP

6144:ED8hbtWbib3+eKwvzSnlgmzepMqRj7nlrIcgmmxdvFTWrVvTKgHEv1wNM7Fh0oha:fhRuIOeKwvzSn6mzQMKnlrIcgbZFSrHp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba4252d4f00d15127e386f4a3ccd4885_JaffaCakes118

Files

ba4252d4f00d15127e386f4a3ccd4885_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ca0eacef34812c6b91caea3373d6063

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle

ntdll

RtlUnlockMemoryStreamRegion
RtlEnlargedIntegerMultiply

user32

GetDCEx

advapi32

ConvertStringSidToSidW

gdi32

SetBkMode
SelectPalette
SelectFontLocal
ResizePalette
SetPixel
PathToRegion
GetROP2
GetDeviceCaps
GetDCPenColor
DeleteObject
CreateSolidBrush
RemoveFontResourceA
CloseFigure
CreateDIBPatternBrushPt
CreateHatchBrush
CreateScalableFontResourceW

shell32

SHExtractIconsW

shlwapi

PathStripPathA
PathUnmakeSystemFolderW
SHDeleteKeyW

advpack

GetVersionFromFileEx

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ