fed55fab00325e37a6fc09224ff791d6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fed55fab00325e37a6fc09224ff791d6_JaffaCakes118
Size

198KB
MD5

fed55fab00325e37a6fc09224ff791d6
SHA1

72b0ed3ef395e97561135cdda1c3538b5dfddf3a
SHA256

3c314e61bef9c52b5ffd1f4764dca3b2081094575699a12be41eff5a464efb88
SHA512

1cadd85aae93e45abdd8e1a05f5e8668a0c22b11e7f6817345e2885e12cee308d04b9d7f97cd684a1c99d4a11ded1d0c147a593a854cadec94618d6493a939d2
SSDEEP

3072:XFOtcsrttMtQI34PF03sUbxpWY60QjxdoIfToogTzl9:1OtcytA9m0jWYWjozoUp9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fed55fab00325e37a6fc09224ff791d6_JaffaCakes118

Files

fed55fab00325e37a6fc09224ff791d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72ba7939f82a5bcadd52f6703c28fe51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectA
SelectObject
DeleteDC
SelectPalette
CreateCompatibleDC
UnrealizeObject
BitBlt
RealizePalette
SetMapMode
GetDeviceCaps

kernel32

InterlockedIncrement
GetLastError
FlushInstructionCache
HeapAlloc
DeleteCriticalSection
GlobalUnlock
GlobalAlloc
TlsSetValue
GetStartupInfoA
CreateFileW
GetVersionExW
LocalFree
InterlockedDecrement
WaitForSingleObject
HeapFree
GetThreadContext
VirtualProtectEx
GetFileSize
GlobalFree
ExitProcess
SetLocaleInfoW
WriteProcessMemory
GetCurrentThreadId
DuplicateHandle
GlobalLock
RtlUnwind
FormatMessageA
SetLastError
GetCurrentProcess
RaiseException
GetTempPathW
InterlockedExchange
GetCommandLineA
GetWindowsDirectoryW

rpcrt4

NdrByteCountPointerFree
UuidToStringA
UuidCreate
RpcStringFreeA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ