bb9b496506b345d29fc4174a651a55a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb9b496506b345d29fc4174a651a55a4_JaffaCakes118
Size

17KB
MD5

bb9b496506b345d29fc4174a651a55a4
SHA1

099ef59ff861720f4cb6e0714805d738c5d3444b
SHA256

1483c936ff38416c03a466b0885545053fc8c76072df25d7a222e9cff92b87d4
SHA512

0c7ebd655e0b5d76500bf91ba622aac425a2c22e72f7a74336645de479316b20fd53666f20380b2d2fc9fb572eaa65d4c604dd379ff6e61053e078e56570ce0d
SSDEEP

384:c8Xbe+bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbE:c6LbbbbbbbbbbbbbbbbbbbbbbbbbbbbY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb9b496506b345d29fc4174a651a55a4_JaffaCakes118

Files

bb9b496506b345d29fc4174a651a55a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08c97e714a5c214dd746442092203abf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
HeapCreate
GetConsoleCP
lstrlenA
VirtualProtect
GlobalUnlock
HeapReAlloc
GetCommandLineA
GetConsoleDisplayMode
SuspendThread
GetVersion
CompareFileTime
LocalSize
WaitForSingleObject
GetAtomNameA
GetModuleHandleA
WaitForMultipleObjects
CloseHandle
GetSystemDefaultLangID
InterlockedExchange
GetTickCount

gdi32

CreateICA
CreatePalette
GetTextColor
Escape
CreateFontA
GetMetaFileA
FloodFill
EndPath
AbortPath
Ellipse
BeginPath
DeleteDC
EngLineTo
GetStringBitmapA
GetFontData
DeleteObject
EqualRgn
GetMetaRgn
GetRgnBox

rastapi

PortClose
AddPorts
DeviceDone
DeviceListen
DeviceConnect

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ