f6af29b9032a55779cf79a0d42ca7187_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6af29b9032a55779cf79a0d42ca7187_JaffaCakes118
Size

130KB
MD5

f6af29b9032a55779cf79a0d42ca7187
SHA1

ef23bf92720afd99cbae02b8136f4f48afcd0152
SHA256

868abb7e46069d0bca0d37b8adcfeceff83770b8f656c3dc6f7efd488c9f517b
SHA512

bf4347d65caf63d8aae6bf553f7388df05b4931971aacd38e94194b6fe157110dc966a9bd83f31a0c9b8c3f2ec463ebb40a31951964c504d8e075930fb929dcf
SSDEEP

3072:9L9tzW3H6wZ0ieIstQA9aKgtBXHI4JBZNkLfMt7K:BqXFZpeBtd8lXxJBATG7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6af29b9032a55779cf79a0d42ca7187_JaffaCakes118

Files

f6af29b9032a55779cf79a0d42ca7187_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc3baeb9ece9ceca28249642b555e403

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

gdiPlaySpoolStream
WidenPath
UpdateICMRegKeyA
UpdateColors
UnrealizeObject

comctl32

_TrackMouseEvent
CreateMappedBitmap
DSA_DeleteAllItems
UninitializeFlatSB
GetEffectiveClientRect
PropertySheet
ImageList_Replace

msvcrt

wscanf
wprintf
wctomb
wcsxfrm
wcstoul
wcstol

wsock32

bind
closesocket
connect
inet_ntoa

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE