dd7970c50f3e2f789bb18e4290dfa27b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd7970c50f3e2f789bb18e4290dfa27b_JaffaCakes118
Size

144KB
MD5

dd7970c50f3e2f789bb18e4290dfa27b
SHA1

0b950efd5d5b19bd9e612fbca2cdb1b1c5f46b9d
SHA256

6341c6f461c83142a2e72f115302b14df757ccbb5409e45c5a164e19cac377a4
SHA512

1bcdfc177497fa1e113cf268285eca754edc577f3f2254ab820b8d9132b5cdd2524f1e9a38ec77b0c075d240d29dc993574e833f518ccb6dc5fc7a59e0173515
SSDEEP

1536:xEGBi3FMX/5PN95KxY39NjlXfzXxnQan9wp+btdFQ8WoAdVU6lVQoG:4VMhN9n39NxXNnRn9wYBLQ8rAw64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd7970c50f3e2f789bb18e4290dfa27b_JaffaCakes118

Files

dd7970c50f3e2f789bb18e4290dfa27b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2309fdcb7bce3c70f5da36a70fbb37ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
ExitProcess
lstrcmpA
lstrlenA
lstrcatA

gdiplus

GdipGetCustomLineCapStrokeCaps

winmm

midiOutSetVolume
mmioOpenA

user32

GetMenuDefaultItem

msimg32

vSetDdrawflag

comctl32

CreatePropertySheetPageW
DllGetVersion

oledlg

OleUIChangeIconA

oleacc

GetRoleTextW
AccessibleObjectFromEvent

ole32

CreateDataAdviseHolder
StgOpenStorageOnILockBytes

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ