bdf2172b14a4fdf4bb9727957d2005fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdf2172b14a4fdf4bb9727957d2005fe_JaffaCakes118
Size

154KB
MD5

bdf2172b14a4fdf4bb9727957d2005fe
SHA1

9e089e7976b89e6dc9a71dc6f64d5ddd60505ebc
SHA256

1a06f471877254c9224c600528bf2c69fa0a6f9f44f75b55170c4858905ee3d3
SHA512

6a3b9210a05d33ca5adeab673c686a56a266cfce6397d73c3c2f37dddea7170f1a89f470bf52076986b342e40d856996742ea784d5ca83f502e82315cea09d43
SSDEEP

3072:gGLcxm9MNQCN/F2L8facSnaN0wnTn/9MD6ibBhRYps39n:g8cNZy8fFLN0c96dfEs39n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdf2172b14a4fdf4bb9727957d2005fe_JaffaCakes118

Files

bdf2172b14a4fdf4bb9727957d2005fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

510cb7b0ccb12af3f9109aaaa2fbac8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

LineTo

winspool.drv

ConnectToPrinterDlg

advapi32

GetLengthSid

shell32

SHGetFolderPathA

ole32

CoInitialize

oleaut32

VariantClear

psapi

GetModuleBaseNameA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winscard

SCardConnectA

msimg32

AlphaBlend

winmm

timeGetTime

shlwapi

PathAppendA

comctl32

ord17

opengl32

glClear

Sections

.MPRESS1
Size: 100KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE