Static task
static1
Behavioral task
behavioral1
Sample
ef0162e4a3123e00093376670b28d548_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ef0162e4a3123e00093376670b28d548_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
ef0162e4a3123e00093376670b28d548_JaffaCakes118
Size
110KB
MD5
ef0162e4a3123e00093376670b28d548
SHA1
447d802f9c05126a1f5e7ec7e9d73210504db59e
SHA256
e0ee86c938c48c9c926a23ddb2a1894e5c5c369e432c3560457c2f29ffc16f34
SHA512
af0f5b820e88dd98c060c49dcae5f3dc5d4a276369dae24f54f4a17ce18c3904f4789ab648da4dbdf9ba7e7d0d128996e77ca619fc25e7d08fe4db994b7bc9a6
SSDEEP
1536:b/846LlU0GrPdx5i9GIA4MRRSzdqgZm+WS96IBEvjmVBmo+qisG/uUeYFcYp1efV:QJEr16GPK5p866eAmVBT+Gi7UR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ef0162e4a3123e00093376670b28d548_JaffaCakes118
Files
ef0162e4a3123e00093376670b28d548_JaffaCakes118.exe windows:4 windows x86 arch:x86
d97c0d04ae9e0eb920ed41620eca29d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitVDM
FindFirstFileA
GetACP
GetCommModemStatus
GetConsoleMode
gdi32
DeleteObject
DescribePixelFormat
EnumEnhMetaFile
ExtFloodFill
shell32
ExtractIconA
ILSaveToStream
OpenRegStream
PifMgr_CloseProperties
msvcrt
__CxxFrameHandler
___mb_cur_max_func
__crtCompareStringA
_EH_prolog
__doserrno
__iscsym
Sections
.text Size: 62KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE