ff3e6113370a185e5e0bff46f822f149_JaffaCakes118 | Triage

Sharing

General

Target

ff3e6113370a185e5e0bff46f822f149_JaffaCakes118
Size

118KB
MD5

ff3e6113370a185e5e0bff46f822f149
SHA1

b8ed5657a75fedd5826897ab1dbc572e499dc264
SHA256

667f4cf35379a69df1aa560c807fedf77c1fef40c8448f7ddbbcdccca8f5efd4
SHA512

e5cfd6e5c82709f59c2b41432f2e709255b4db66326732ce477ee24b8da9375ea7825d203245b799ec25d330e3952bde956d2374d811261a64dfff4b2d61ac98
SSDEEP

3072:36+CaX2zom20ry0i7yHvVqfJBllfmdOeybew+Qu:3Tmzom20D8yPV4JBjRMQu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3e6113370a185e5e0bff46f822f149_JaffaCakes118

Files

ff3e6113370a185e5e0bff46f822f149_JaffaCakes118
.exe windows:9 windows x86 arch:x86

67c76712bde6531e78f29e819706cc78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inkemqoa

swprintf
PifMgr_SetProperties
CtfImmSetAppCompatFlags
iswdigit
ReadCabinetState
_toupper
_memccpy
strtol
ImmSimulateHotKey
strstr
ExtractIconResInfoA
ILClone
PathIsSlowA
CtfAImmIsIME
_vsnwprintf
PathProcessCommand
ImmGetConversionStatus
CtfImmIsCiceroEnabled
ImmGenerateMessage
PrintersGetCommand_RunDLLA
strcpy
ImmGetHotKey
CtfImmIsTextFrameServiceDisabled
ImmGetIMCCSize
_alldvrm
ILFree
ILGetSize
strrchr
DllCanUnloadNow
iswctype
ImmGetIMCLockCount
ImmIsIME
CtfImmLastEnabledWndDestroy
ImmCallImeConsoleIME

kernel32

SetProcessAffinityMask
GetProcessAffinityMask
GetSystemInfo
SwitchToThread
CreateEventA
ExitProcess
SetThreadIdealProcessor
GetCurrentProcess

Sections

.text
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ