e9df6deade52db0242a150e813fbea2a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9df6deade52db0242a150e813fbea2a_JaffaCakes118
Size

29KB
MD5

e9df6deade52db0242a150e813fbea2a
SHA1

4e2679ad39407c251a1154d851ee10fc2f46a1c5
SHA256

45d5eba5d3c0885f6c278a0c3fc94669a54fab9c4d37057c1afbd58485a2cffa
SHA512

5b5edbf290572fbde6e2526a61ead1e7bafeb7ea11dfa0dab8bc2119c6fd83f594085f9ac671028c3b9c95ee88f5ab89fb7f73b49d920a34219f61d9ffac5a36
SSDEEP

768:ImhI+HPs9psiH7zWt4Ap8aa3BhX5cTJz+:DhnE9pDzWt4Ap8aa3zqT0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9df6deade52db0242a150e813fbea2a_JaffaCakes118

Files

e9df6deade52db0242a150e813fbea2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05a04977ddcd324c7c0f1c0406ce00b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelW
SetFileTime
ClearCommBreak
RestoreLastError
PrepareTape
CloseHandle

ntdll

RtlCompressBuffer
RtlCreateRegistryKey
RtlIdentifierAuthoritySid
RtlUpcaseUnicodeToMultiByteN
RtlOemStringToUnicodeSize

user32

PrivateExtractIconsA
LoadBitmapW
GetSysColorBrush
SetPropW

ole32

CoFreeAllLibraries

advapi32

StopTraceW

gdi32

GdiSetBatchLimit
GetBkColor
MaskBlt
CreateScalableFontResourceA
RealizePalette
SaveDC
SetBkMode
SetTextColor
StrokeAndFillPath
UnrealizeObject
OffsetRgn
CreateEllipticRgn

shlwapi

PathUndecorateA

shell32

SHExtractIconsW

authz

AuthzFreeResourceManager

Exports

Exports

qZUk

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ