11f9825922fd8d1bd768482b05b02944_JaffaCakes118 | Triage

Sharing

General

Target

11f9825922fd8d1bd768482b05b02944_JaffaCakes118
Size

279KB
MD5

11f9825922fd8d1bd768482b05b02944
SHA1

bdc6ac748658fc2c494a565a1cca6e0986f540ef
SHA256

ad7cf98677de2f52520e9bc688d99457f809fed2958404e1441a4f91cec20424
SHA512

f4aa5062eccaaf58bd564cdac101a5f3abd522b3d073762a4e9fa67c9bc08e4aabff0cbb065e4cfcc50aff372abbc182d2b70501b628fa26acb4f15847880b48
SSDEEP

6144:qEmXHgZWulUYx6Mp8N3jgq83RyRUMX9Ky9yacpAitSkqgE:EX0aY4Dlcq8hBiKyMaSAISkqg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11f9825922fd8d1bd768482b05b02944_JaffaCakes118

Files

11f9825922fd8d1bd768482b05b02944_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ece54cbff00fb46cf796a3502c5c7e10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
CreateSemaphoreW
FindClose
HeapFree
WriteConsoleA
SetVolumeLabelW
CreateDirectoryA
GetModuleHandleA
IsBadCodePtr
RemoveDirectoryA
VirtualProtectEx
FindClose
SetEvent
ReleaseMutex
SetStdHandle
GetDriveTypeW
WriteFile
ExitThread
GetVersion
RemoveDirectoryA
CreateMailslotA
ResetEvent
GetSystemTime
GetCommandLineA
FindAtomA

uxtheme

DrawThemeEdge
GetThemeColor
GetThemeRect
GetWindowTheme
CloseThemeData
SetWindowTheme
GetThemeTextMetrics
DrawThemeBackground
GetThemeSysSize
GetThemeTextExtent
OpenThemeData
CloseThemeData
IsThemeActive

pstorsvc

Start
Start
Start
Start

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ