449c1caaea0cbd58b81820627e2a5c63_JaffaCakes118 | Triage

Sharing

General

Target

449c1caaea0cbd58b81820627e2a5c63_JaffaCakes118
Size

114KB
MD5

449c1caaea0cbd58b81820627e2a5c63
SHA1

18b1a2e2f1e76041600c5e3c409cf52c9c00a18b
SHA256

a801d08dd5620b8690a544cf1de3358167ed59c9cfa5d19971bcb391434f9904
SHA512

0ab329fa26323f55e3b1327cd5c17bf15c2e08a2f532faab5fcd90e5c701eb9e2a5c9f586996921bf72e355563e5345c2166fec93ef00ca4318ac33c816c27bd
SSDEEP

3072:hCHfO0+QwTwC71C+THE4WQir4CvCo+OWW5uNa/0M+xmBm:YHfL+l8S0abikCvCo+ObuNa8MKb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
449c1caaea0cbd58b81820627e2a5c63_JaffaCakes118

Files

449c1caaea0cbd58b81820627e2a5c63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da0ae31bfd28db018c06161de1212e20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlDeleteSecurityObject
RtlComputeImportTableHash
RtlAddAuditAccessAce

user32

GetWindowRgn

advapi32

RegOpenKeyExW
LsaDeleteTrustedDomain
CryptSetProvParam

gdi32

SetSystemPaletteUse
UnrealizeObject
SetGraphicsMode
SetDCBrushColor
SetArcDirection
PtInRegion
LineTo
WidenPath
GdiTransparentBlt
SetPixel
CombineRgn
CreateRoundRectRgn
ExtSelectClipRgn
FillPath
FlattenPath
GetArcDirection
GetBitmapBits
GetCurrentObject
GetGraphicsMode
GetStockObject

msimg32

AlphaBlend

activeds

ADsBuildEnumerator

rasapi32

RasAutodialAddressToNetwork

aclui

CreateSecurityPage

Exports

Exports

UkxpPRF0osLRW4PxA
Xr5Q6YOSTcUs
Z5Lt

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE