bdc04f1dfaa9c54dd02dd2e9303f4e43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdc04f1dfaa9c54dd02dd2e9303f4e43_JaffaCakes118
Size

68KB
MD5

bdc04f1dfaa9c54dd02dd2e9303f4e43
SHA1

31eab01520bc8ecd4180b71dd52a226360f19bc7
SHA256

9b0402d2c805f46e662953e9957993e2f3df0ada684788d55921e6577cfb6979
SHA512

52992da7537000c7231900deaab7f44caaf20155d40c2236f3c0e73f1d5701a70b7b58ca56d7134df76a6882ad69d1c5ffc7cf7621190f50a40317f4602c2cc7
SSDEEP

1536:W6PI8Ng+drGUyHmOYdsZr1cD6zNvReAr+rgioCoWcZF:tPIGlrGl/YuYD65R7hbCoWcZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdc04f1dfaa9c54dd02dd2e9303f4e43_JaffaCakes118

Files

bdc04f1dfaa9c54dd02dd2e9303f4e43_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd5bf7fa562f5261f9d1eec4ad30a6da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
LoadLibraryA
GetCurrentProcess
VirtualAlloc
GetProcessHeap
HeapAlloc
lstrcmpiA
GetStringTypeW
CreateFiberEx
FreeEnvironmentStringsW
TerminateProcess
GetProcAddress

user32

AnimateWindow

gdi32

OffsetClipRgn
GetMetaRgn
ExtFloodFill
CombineTransform
SetGraphicsMode

advapi32

GetServiceDisplayNameA
StartServiceW

Exports

Exports

nqfltkokfv
poswdipckvk
yibrimressdwfwb

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ