Static task: static1
Behavioral task: behavioral1
Sample: bf634e6bd5d768e5b4ad4dd40965ae4e_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: bf634e6bd5d768e5b4ad4dd40965ae4e_JaffaCakes118
Size: 444KB
MD5: bf634e6bd5d768e5b4ad4dd40965ae4e
SHA1: 5ac1aab29da72cd8b5b65d161bd25dfdcc3b39a0
SHA256: 3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf
SHA512: d3333884c24f43bf522fa6d1089498c34a0cf2d8c90abebaa43b1570d531d21b759edf580fddd24bb921abf8cf2b4637b54a56e968f481e1bdadbba79a0f6bfd
SSDEEP: 3072:GOnJLpiEiRqvBqDatqeHoxZv0qE3mZpuBsECkle2jcY1waKP8:VphiwZqeIeHk0qE3PiAcyFK
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: bf634e6bd5d768e5b4ad4dd40965ae4e_JaffaCakes118
Files
bf634e6bd5d768e5b4ad4dd40965ae4e_JaffaCakes118.exe windows:5 windows x86 arch:x86
2f2b97b64912e8e6466b839fa8e36828
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
clusapi
CloseClusterResource
msvcrt
memset
mscms
OpenColorProfileW
rpcrt4
RpcAsyncAbortCall
gdi32
CreatePalette
OffsetWindowOrgEx
GetCharWidth32W
crypt32
CryptEncryptMessage
kernel32
GetSystemRegistryQuota
GetModuleHandleA
GetNLSVersion
advapi32
RegSaveKeyA
pdh
PdhCloseQuery
winscard
SCardGetStatusChangeW
user32
CharToOemW
ole32
OleCreateLink
ws2_32
WSASetLastError
shlwapi
StrCatW
Sections
.text Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt0 Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.erloc Size: 160KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ