42534d3befb827ab8783b71b5ead9fec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42534d3befb827ab8783b71b5ead9fec_JaffaCakes118
Size

37KB
MD5

42534d3befb827ab8783b71b5ead9fec
SHA1

095a7f264c3ad272131c09bd51fbd648cf9e0cdc
SHA256

0dc79c480abd6013f587c66a0685db5ac8204305b183a3dd58b1e1e182a5508a
SHA512

7bd18f930d219bafe5cc83682be96b35791847f8ee626f3b5d5f84a68024e7ec9002d78740521c7b12fc59e4f12aa4ceecda39bef1013e129d955675c959ae2a
SSDEEP

768:rfiBLKn2x1hdNB8G4rdFqEzniUggZOhOdOrNNtkKsf+0E5h+Fg+nE+1E1xaHrmoX:rfiBLK2xT4r7HiUuhFPkKldh+m+nT1Ex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42534d3befb827ab8783b71b5ead9fec_JaffaCakes118

Files

42534d3befb827ab8783b71b5ead9fec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12f3796fd5ccd2dac14e4721adbb64a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcessId

ntdll

RtlExtendedIntegerMultiply
RtlDeregisterWaitEx

user32

ExcludeUpdateRgn

advapi32

RegSaveKeyExA

gdi32

GdiAlphaBlend
SetTextCharacterExtra
SetStretchBltMode
CancelDC
SetPolyFillMode
RoundRect
PtInRegion
LineTo
GetGraphicsMode
ExtFloodFill
EnumFontsA
SetRectRgn
CreatePatternBrush
CreateCompatibleBitmap

appmgmts

CsEnumApps

oleaut32

SafeArrayRedim

shell32

SHChangeNotification_Lock

iashlpr

MemFreeIas

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ