ef109e318eac0febf15b25f850c79d4f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef109e318eac0febf15b25f850c79d4f_JaffaCakes118
Size

132KB
MD5

ef109e318eac0febf15b25f850c79d4f
SHA1

4a41a4e6029f9ee640922cf13c48311a7c7bc9ed
SHA256

5a276f6be10c865870b8530bfe23d89d7d8849bccbe07a6552b95f3b888291b9
SHA512

668b63525b813b25de0df9174e5ca1f52088136d3fdda4f107022f21b0d2b0eaf60f6f209daca41d5813ec0373da70ed5ed3f52304d42386b1b6a325f1fc2f0f
SSDEEP

3072:ZVpq/s1jBK3dVMyppP21kJHGrLd7wDTHgWL3hPhSwhv:ZVpqkZGdaU2GG7WHgWLxpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef109e318eac0febf15b25f850c79d4f_JaffaCakes118

Files

ef109e318eac0febf15b25f850c79d4f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

075847f0fded8432a69e7fe19247d1c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LAPc.#ffEQJ#6N+sV.pdb

Imports

msvcrt

memset

user32

GetWindowInfo
GetClientRect
WindowFromPhysicalPoint
CopyIcon
HideCaret
CopyImage

shlwapi

ord29

kernel32

ReleaseActCtx
ContinueDebugEvent
TlsFree
CloseHandle
GetVersion
IsValidLocaleName
GetCommandLineW
GetLargePageMinimum
Heap32First
GetThreadIOPendingFlag
LocalAlloc
GetLargestConsoleWindowSize
GetSystemDefaultLocaleName
HeapDestroy

oleaut32

VarCyCmpR8
VarCyFromR4

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 556B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ