11f00f5e7ca93e506b6774eeeea85c8e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11f00f5e7ca93e506b6774eeeea85c8e_JaffaCakes118
Size

137KB
MD5

11f00f5e7ca93e506b6774eeeea85c8e
SHA1

bbc3e093349c53393448389585152472464ad01c
SHA256

0ebdd9742c8885bc278657cc0a3798b8400a2f0bd63014d9acceafce79dfc346
SHA512

628092b0c21551697ac57526152dcb053e7ff33fbf751354f4c569d3d380bb9b2969040f3b3a5ec5847cd0b611be3d277968b3c398da0570de2e3d5435d3f3cc
SSDEEP

3072:jkHpymtru5BupIw72s5Pr9JF1/LmRq4wUH7OhLTqixw6c2z++CFR6ZoeZm:VmtiojxrrLmRqy7Wydznqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11f00f5e7ca93e506b6774eeeea85c8e_JaffaCakes118

Files

11f00f5e7ca93e506b6774eeeea85c8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a38bd27e238c999d3f75ba666442541d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Write

shell32

SheFullPathA
StrStrIW
SHFreeNameMappings
StrNCpyA

kernel32

DuplicateConsoleHandle
ConvertThreadToFiber
ConvertDefaultLocale
DeleteCriticalSection

ntdll

NtInitializeRegistry
NtOpenEventPair
NtLockRegistryKey
NtFreeUserPhysicalPages
NtMapUserPhysicalPagesScatter

Sections

.text
Size: 53KB - Virtual size: 91KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE