wrjW!qqwqeTHrnwgw.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ef4701659ecf031b713136fa587388fc_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target: ef4701659ecf031b713136fa587388fc_JaffaCakes118
Size: 204KB
MD5: ef4701659ecf031b713136fa587388fc
SHA1: 23a94c796bc1dce4b34d9dd2434693e1f58db6de
SHA256: df8daf3b8f4bfa739108c0ff1b8ba40c9e2be17f7fc8b7a704e3aa777fbaefae
SHA512: b8b642f5ec83b8ba055e1235fbd81aaf2be1ca128a2949d6f96a14abbbf1af235cca2c0f639d796ec8348489a71f2481a39360a3f345e513aec5c06981f93ecc
SSDEEP: 3072:HbrPNCeBvpiVEiVbmxnhxMDcuPaPPJ8wxsdOqsJ3MBTyv//6Qf:HbrNCeBvpieAih2DtCOOqsJMBmP1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ef4701659ecf031b713136fa587388fc_JaffaCakes118
Files
ef4701659ecf031b713136fa587388fc_JaffaCakes118.exe windows:6 windows x86 arch:x86
4000f7207acbe34bdedfcba1759448a1
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
rasapi32: RasEnumDevicesW, RasFreeEapUserIdentityW
gdi32: SetTextAlign, LPtoDP, GetMapMode
ntdll: strncmp
user32: InternalGetWindowText, SetScrollRange
urlmon: CoInternetIsFeatureEnabledForUrl
shlwapi: AssocQueryStringA
kernel32: HeapLock, UnlockFileEx, GetNamedPipeClientSessionId, GetCommandLineA, GetBinaryTypeA, GetSystemPowerStatus, SetLastError
advapi32: QueryUsersOnEncryptedFile, SetNamedSecurityInfoA
Sections
.text Size: 120KB - Virtual size: 122KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 872B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 66KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ