f9ccc265963494ea9f61276e24b23159_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9ccc265963494ea9f61276e24b23159_JaffaCakes118
Size

190KB
MD5

f9ccc265963494ea9f61276e24b23159
SHA1

c04be693e205838deafe2466c155a592ef2ffcba
SHA256

eade0736e33c34f896c8dbb6bf1a55afcc350da8f866d96f121b784b5c4c472a
SHA512

60993c5db1ec8df94b0ea10ed44ad23cd4baed2be7d036f6c5bb3a0265b556acca64fea29ea31fd060d546e52165489115e36654fd9934b19c6c91f182cc0417
SSDEEP

3072:EgU5hj/EfScvFoHneu5zCicxOkrc//lwz6tIiXp5+H0/+sA6e/DxCShP4mqO+/fo:VUTj8F0eiOsJ//q6+65+H0OpFCeBk/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9ccc265963494ea9f61276e24b23159_JaffaCakes118

Files

f9ccc265963494ea9f61276e24b23159_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2dab602e5d987653c0c4b09f55c4fad8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
MoveFileA
InterlockedCompareExchange
QueryPerformanceFrequency
CreateEventA
WriteFileGather
GetProcessHeap
LoadLibraryA

user32

GetWindowContextHelpId

gdi32

AddFontResourceExA
SwapBuffers
GetMapMode
UpdateICMRegKeyW
InvertRgn
GetICMProfileA
Polyline
GdiEndDocEMF
PolyPolyline
GdiConvertBitmap
SetBkMode
CreateFontIndirectExW
WidenPath
CreateEllipticRgn
DescribePixelFormat
DeleteColorSpace
CopyEnhMetaFileA
Arc
FONTOBJ_pxoGetXform

Sections

.text
Size: 9KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ