wh@##weh.Pdb
Static task
static1
Behavioral task
behavioral1
Sample
61dda5df42f3482d0c1f5f9aecc7ed23_JaffaCakes118.exe
Resource
win7-20240729-en
General
Target
61dda5df42f3482d0c1f5f9aecc7ed23_JaffaCakes118
Size
1.2MB
MD5
61dda5df42f3482d0c1f5f9aecc7ed23
SHA1
5544d6d9e48855cbe94681078f4a68f03f27db40
SHA256
e671aee31a5e21e0578759ea80083d85bfbde90244226343acb77f9c0b732280
SHA512
3352240a317872649614af4b44a31cc455f83ccb906335c5a2c0e6655f5b883738cd380092fec3436f6e454642c8d1a295419864263529c6019be975cc4ddf2c
SSDEEP
6144:CxlV1FSOxoTpdLQ+GVcZDVBNj082BJr3k3xUOVs3DVf81GoyHn7kOpN50IKOOqsT:CxlnTALmQljH2fIGOVoDJLvfOqsUFY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61dda5df42f3482d0c1f5f9aecc7ed23_JaffaCakes118
Files
61dda5df42f3482d0c1f5f9aecc7ed23_JaffaCakes118.exe windows:5 windows x86 arch:x86
24da2c110c90ada0fcc9a74a3bd983c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscms
UninstallColorProfileW
user32
CreateCaret
UserHandleGrantAccess
GetSubMenu
GetCaretBlinkTime
CallWindowProcA
shlwapi
StrTrimA
ntdll
wcstol
kernel32
SetConsoleCursorInfo
GetSystemRegistryQuota
GetNLSVersion
GetModuleHandleA
InitializeSListHead
opengl32
glEvalMesh1
oleaut32
SysStringLen
gdi32
DeleteObject
GetWindowExtEx
AngleArc
GetTextFaceA
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 4KB - Virtual size: 814B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 744KB - Virtual size: 742KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 360KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ