dc11e856c9a161316f4f9727e7ea5632_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc11e856c9a161316f4f9727e7ea5632_JaffaCakes118
Size

114KB
MD5

dc11e856c9a161316f4f9727e7ea5632
SHA1

44c186fa8b81c6aa3d8a257dee6e3e74381be7b4
SHA256

17649d70f8a09aafb57c0b3ef049b7dfdeda97f7d728971f97a948e6e6a371b3
SHA512

e6c365fbd4d0d96b87e76c2823ba04c19a036dadb402dc0904351dba344d0c006e64e623c88168bf292eb3435b4cfc4b1a50678b02a6c568d6d26f4b7d4748d7
SSDEEP

3072:hCHfO0+QwTwC71C+THE4WQir4CvCo+OWW5uNa/0M+xmBnm:YHfL+l8S0abikCvCo+ObuNa8MK3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc11e856c9a161316f4f9727e7ea5632_JaffaCakes118

Files

dc11e856c9a161316f4f9727e7ea5632_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da0ae31bfd28db018c06161de1212e20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlDeleteSecurityObject
RtlComputeImportTableHash
RtlAddAuditAccessAce

user32

GetWindowRgn

advapi32

RegOpenKeyExW
LsaDeleteTrustedDomain
CryptSetProvParam

gdi32

SetSystemPaletteUse
UnrealizeObject
SetGraphicsMode
SetDCBrushColor
SetArcDirection
PtInRegion
LineTo
WidenPath
GdiTransparentBlt
SetPixel
CombineRgn
CreateRoundRectRgn
ExtSelectClipRgn
FillPath
FlattenPath
GetArcDirection
GetBitmapBits
GetCurrentObject
GetGraphicsMode
GetStockObject

msimg32

AlphaBlend

activeds

ADsBuildEnumerator

rasapi32

RasAutodialAddressToNetwork

aclui

CreateSecurityPage

Exports

Exports

UkxpPRF0osLRW4PxA
Xr5Q6YOSTcUs
Z5Lt

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE