8648fe8a722044918faa543988eea1b0_JaffaCakes118 | Triage

Sharing

General

Target

8648fe8a722044918faa543988eea1b0_JaffaCakes118
Size

180KB
MD5

8648fe8a722044918faa543988eea1b0
SHA1

e99252450542b0c73d11fbbeb2069879ab8268f5
SHA256

ed5992735e4d63c6aef98f031156bc74bc10041e1dc19b3b404d9694b74f1e31
SHA512

e8e699a7836707d479cc9cabe2689ef854c0cc913fda0d19878a8fe8e78cc86bc647caf0e9b159662cfdc33940a2f6547227f49089f8e301c0abb7862d95b870
SSDEEP

3072:hD2xFMJeSjU91NwhzvGQ5Fv6GKWiEAZxRzvUAtfRZF5EKWiQqmyFDuA:hD7JeSjoCB5xhCFzsAtZj5NBQoF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8648fe8a722044918faa543988eea1b0_JaffaCakes118

Files

8648fe8a722044918faa543988eea1b0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ca6ab0f08afe2d9f24be78633a20c21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset

user32

ShowOwnedPopups

winspool.drv

WritePrinter

kernel32

CreateFileA
GetModuleFileNameW

advapi32

RegLoadAppKeyA

oleaut32

VarI2FromI4

Exports

Exports

OqwncdRfdeawcce

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ