c79c97f5af446d6435dd65f7653e37c1_JaffaCakes118 | Triage

Sharing

General

Target

c79c97f5af446d6435dd65f7653e37c1_JaffaCakes118
Size

34KB
MD5

c79c97f5af446d6435dd65f7653e37c1
SHA1

fa3d30ca323d2583eb69752892347adb97e93ab1
SHA256

75f31bce883ba5901d3db1eb42f0d097a2bc4f27ac707a5a67a2311a80a75be2
SHA512

47dd21ac2aa197d858519e7a5629c2137f49d3455a0d91d72a384ae8b3693905a36c31304fb6699e1c583fdf6f7546258f2051d93a95d3ed2d97575976171171
SSDEEP

768:rfiBLKn2x1hdNB8G4rdFqEzniUggZOhOdOrNNtkKsf+0E5h+Fg+BE+1E1xaHrmoL:rfiBLK2xT4r7HiUuhFPkKldh+m+BT1Ei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c79c97f5af446d6435dd65f7653e37c1_JaffaCakes118

Files

c79c97f5af446d6435dd65f7653e37c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12f3796fd5ccd2dac14e4721adbb64a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcessId

ntdll

RtlExtendedIntegerMultiply
RtlDeregisterWaitEx

user32

ExcludeUpdateRgn

advapi32

RegSaveKeyExA

gdi32

GdiAlphaBlend
SetTextCharacterExtra
SetStretchBltMode
CancelDC
SetPolyFillMode
RoundRect
PtInRegion
LineTo
GetGraphicsMode
ExtFloodFill
EnumFontsA
SetRectRgn
CreatePatternBrush
CreateCompatibleBitmap

appmgmts

CsEnumApps

oleaut32

SafeArrayRedim

shell32

SHChangeNotification_Lock

iashlpr

MemFreeIas

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ