d18fa12e6aee5e04e0a7482812b0d32a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d18fa12e6aee5e04e0a7482812b0d32a_JaffaCakes118
Size

238KB
MD5

d18fa12e6aee5e04e0a7482812b0d32a
SHA1

35724104b36aa366dac3743427b2c0acf91607ef
SHA256

7c7a4a11fd1ad23991fe9668560515184d439fbc8bc14865b0915bbcb611e789
SHA512

ef083d0acfa186696e5a565808af917abe23fd607d67e83217d1bfc61de84228185e215cf8bb5760d53ac35d12d47f4a2ff69d095fa0e10a147d13a89593068b
SSDEEP

3072:v/neDEY8V7jFX9gyHYGbdELlJrj6UY2cJ3nOFtA61tiQF0hRMS7+qIlXHJH:vgEBjh9BHdbdCH6UI3nOY61F07MDlNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d18fa12e6aee5e04e0a7482812b0d32a_JaffaCakes118

Files

d18fa12e6aee5e04e0a7482812b0d32a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a0fcd06cd826f2d57d788d9a87d7b7bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerSetConditionMask
RtlZeroMemory
CloseHandle
RtlUnwind
RtlMoveMemory
RtlFillMemory
RtlCaptureStackBackTrace
RtlCaptureContext

user32

ClientToScreen

gdi32

GetCurrentObject
GetArcDirection
Chord
Arc
SetMapperFlags
IntersectClipRect

Exports

Exports

BMBzUsAs4gEw47
F3aC2LymgyvGmrTw6
QaOqxNHbQ4
RwnnCe3A5NxW
uiglmMkAof4
xMocbTjeQkWX95Lb

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ