1ddS.pdb
Static task
static1
Behavioral task
behavioral1
Sample
fb73d0359f7884e6fd0599ed085c54b0_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
fb73d0359f7884e6fd0599ed085c54b0_JaffaCakes118
Size
126KB
MD5
fb73d0359f7884e6fd0599ed085c54b0
SHA1
11b1fa897ac2d4386271f5ac77a77f5b9162ad0c
SHA256
bd636fc134cc19ea72a62da9f15cec2852200d48b4c5092ed71aef0f0b56e084
SHA512
8c49354b19a6df01002e3ae7b302b82d5471792868526c6f621be9830ee1536c9ae44454f067915b5eceef56b3fea059a070781e7601e1a98c02857c5876c2d1
SSDEEP
1536:xV3Z+6UTS6VZkPuEbTKY6iYeX6GaZcgK3/VACC2yQBcNN7veO8B:xOdGPuEX/4bZcV/VACLcPT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fb73d0359f7884e6fd0599ed085c54b0_JaffaCakes118
Files
fb73d0359f7884e6fd0599ed085c54b0_JaffaCakes118.exe windows:5 windows x86 arch:x86
075177a390e97be4292788e947f42be9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM
IMAGE_FILE_BYTES_REVERSED_HI
PDB Paths
Imports
winspool.drv
OpenPrinterW
gdi32
GetTextMetricsA
ExtEscape
msi
ord30
msvcrt
fputws
version
VerInstallFileA
advapi32
GetOldestEventLogRecord
GetFileSecurityW
GetSecurityDescriptorGroup
EnumServicesStatusA
user32
GetTitleBarInfo
kernel32
DefineDosDeviceA
GetUserGeoID
GetModuleFileNameA
GetBinaryTypeA
WTSGetActiveConsoleSessionId
GetTickCount
GetModuleHandleA
DeactivateActCtx
IsProcessInJob
FillConsoleOutputCharacterA
Sections
.AD8Te Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 910B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ