efef3aa799d18128f6198c33a503ef27_JaffaCakes118 | Triage

Sharing

General

Target

efef3aa799d18128f6198c33a503ef27_JaffaCakes118
Size

195KB
MD5

efef3aa799d18128f6198c33a503ef27
SHA1

b8ccbbb683a03d5013c1e9081a4e49960ddfe706
SHA256

85b47ed30e3e470af594380e5b80867d5f02ab88883f60f42c372f283443515c
SHA512

7fe3038c3877546ce47c2f800e0fc44944a6b47b9ab3b08b69a309f2d309c7c12fbf16bf67b9bc6418228a387abdd9b974ebc79a5d3ded4563ad5430f570dc02
SSDEEP

3072:Mn47PND/60tW2D2oFPPHBUOfaZzsHH9CAjJBdpOfUmBtRdQQ4kOFJXTY9SMI:WkPp6P2D2GXHzDnIoVpHmBtPR8ZpM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efef3aa799d18128f6198c33a503ef27_JaffaCakes118

Files

efef3aa799d18128f6198c33a503ef27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7922da255463d1a48f7e34e39e14713

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetEnvironmentStringsW
GetCPInfoExA
WideCharToMultiByte
GetThreadLocale
GetEnvironmentStrings
HeapSize
WriteFile
GetLastError
GetOEMCP
InterlockedIncrement
GetLocaleInfoA
EnterCriticalSection
GetCPInfo
GetVersionExA
EnumResourceTypesA
UnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
LeaveCriticalSection
GetACP
FreeEnvironmentStringsW
GetStdHandle
TlsGetValue
DeleteCriticalSection
FreeEnvironmentStringsA
lstrlenW
InitializeCriticalSection
LoadLibraryW
SetHandleCount
RaiseException
MultiByteToWideChar
InterlockedExchange
GetTickCount
GetStartupInfoA
GetCurrentProcessId

gdi32

GetDeviceCaps
GetTextMetricsA
GetTextExtentPointA
DeleteObject
SelectObject
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

ole32

CoGetMalloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ