Static task: static1
Behavioral task: behavioral1
  Sample: dd473a3b98c5a1ebe23dbfb0c6fa1db3_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dd473a3b98c5a1ebe23dbfb0c6fa1db3_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: dd473a3b98c5a1ebe23dbfb0c6fa1db3_JaffaCakes118
Size: 177KB
MD5: dd473a3b98c5a1ebe23dbfb0c6fa1db3
SHA1: 8b474423644a358379e05a97ad02ee83331b8cc8
SHA256: 0ff05dfca7ace9f72dd5363f604f9a4ab38c0047285f88c6d179a32f64d24c4f
SHA512: 951332a3169564a47fd23d77d576ed45fdaa0d216ac25ecab56549190edaf3ae4725e152060b3f2710a0369c42668be73e48fa88563b5b83e3a151035f9d0304
SSDEEP: 3072:wAcMGTj7Id3WlFtTnxlHo8FMYXrIT2Im4EW/2EouX5kS88akKBH:PTGfcdGrrOY7gxf21uG6azBH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dd473a3b98c5a1ebe23dbfb0c6fa1db3_JaffaCakes118
Files
dd473a3b98c5a1ebe23dbfb0c6fa1db3_JaffaCakes118.exe windows:4 windows x86 arch:x86
f2f269898754a15f2571f269e9957a49
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msimg32: AlphaBlend, TransparentBlt
kernel32: GetModuleHandleA, TlsSetValue, TerminateProcess, GetModuleFileNameA, ExitProcess, GetCommandLineW, GetVersionExA, TlsGetValue, GetCurrentProcess
user32: ClipCursor, CreatePopupMenu, FindWindowA, DestroyMenu, RedrawWindow, TrackPopupMenuEx, GetDesktopWindow
rpcrt4: I_RpcFreeBuffer, UuidCreate
winmm: timeGetTime
setupapi: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA
Sections
.text Size: 111KB - Virtual size: 110KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 928B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 63KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 116KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ