df1d322871e5b7f304dbe62e13917570_JaffaCakes118 | Triage

Sharing

General

Target

df1d322871e5b7f304dbe62e13917570_JaffaCakes118
Size

268KB
MD5

df1d322871e5b7f304dbe62e13917570
SHA1

1625a81bb537b4e838663875ef57b2000701e8bc
SHA256

5ba9ea4a7b1056993aaa634fc75b153ed35d8d6b73a6a9695f6e4dfccb30b69a
SHA512

413c84ef950235481095ecac349c37ac34222edbfbdcf64e306adc30670dd3e6d73f11c4aba7723fa193a20f6cbd8fdff997b25022b68a6a60b5edd6d476352d
SSDEEP

6144:TFDcjdo2PnqYCuMlSixsPPplysWCtP0C8G7s579ELspktqmBsdOg:OjdJPnqnuYSlpWm0i7s579ItTsMg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df1d322871e5b7f304dbe62e13917570_JaffaCakes118

Files

df1d322871e5b7f304dbe62e13917570_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67665755d8cf92741155c506ffde5db3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HL02Khf2Y-Qko2p.pdb

Imports

winscard

SCardFreeMemory

kernel32

GetExitCodeProcess
GetThreadId
GetCurrentProcess
GetCommandLineA
GetProcessIdOfThread
GetCommModemStatus

gdi32

ExtSelectClipRgn
StretchBlt
GdiGetBatchLimit
GetWindowOrgEx

user32

CloseWindow
GetClassWord
GetLastActivePopup
GetInputState
GetClipboardSequenceNumber
SetActiveWindow
SetScrollPos

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ