0b4dd67cbeb6acd4a47f311b3c559820_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b4dd67cbeb6acd4a47f311b3c559820_JaffaCakes118
Size

296KB
MD5

0b4dd67cbeb6acd4a47f311b3c559820
SHA1

a906ba47eb91e069d79c68ecc41c3e635605b3bc
SHA256

0148dd0bb3cb12fcfd16026f566e51a2c0747005f4ba65f5ee168c979d663c7f
SHA512

a0d04b47d0ea1e6d060869742d985e063c8c0ab05d3e3180f0514cf64e55543515fef0b8cb766d4b76e623f61b79ce1e8188ba76cfeaf425cc1049e137c428d7
SSDEEP

6144:bweK/BuzrDXP3PHBfP3HLp3PHJZginZCZtmhNa81tu627V0sAn0gadp:nK5uzrD/3PHBfP3HLp3PHJZgp/0NV1t+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4dd67cbeb6acd4a47f311b3c559820_JaffaCakes118

Files

0b4dd67cbeb6acd4a47f311b3c559820_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4635d7be221eaf4d50425957306cb43e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ReadFileEx
GetPrivateProfileIntA
SetEnvironmentVariableA
HeapCreate
DeviceIoControl
GetDiskFreeSpaceA
Heap32First
GetLastError
FindResourceA
ReadConsoleA
CloseHandle
lstrcpyW
GetStringTypeW
InterlockedIncrement
LoadLibraryA
InterlockedDecrement
CreateEventW
Heap32Next
lstrcatW
GetDiskFreeSpaceA
VirtualQuery

adsldpc

ADsEnumClasses
ADsCloseSearchHandle
ADsDeleteDSObject
ADsCreateDSObject

uxtheme

CloseThemeData
IsThemeActive
GetThemeColor
DrawThemeEdge
DrawThemeBackground
GetThemeTextMetrics
SetWindowTheme
OpenThemeData
CloseThemeData
GetThemeSysSize
GetWindowTheme
GetThemeTextExtent
GetThemeBool
SetWindowTheme

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ