ec5f4a14e469be9c5e70ba41990870f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec5f4a14e469be9c5e70ba41990870f0_JaffaCakes118
Size

169KB
MD5

ec5f4a14e469be9c5e70ba41990870f0
SHA1

ed46eb9348d7c8b79d14aa55540b33a3dd5c4f7e
SHA256

60a75601014ee022204aff1de3a717346a1871f10dd4a4f5d48793400ef9c7d8
SHA512

35724259fb57f69d51500793875a177e65ff342b999ecb768360596766bea08df6d29b0613250ee1af033dda75870aa3c8ff74d82d066ba2c4ce86680e81e8f3
SSDEEP

3072:DJz5mrt88f5QKBnO5Pv33in5BFx4QgYytAN0TgI+zTvAgO07OR1ahHJ:Ngm8RVnO5PPS5pIvtOIedO07OHMHJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec5f4a14e469be9c5e70ba41990870f0_JaffaCakes118

Files

ec5f4a14e469be9c5e70ba41990870f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf579297c8f1136efc4a57bab6780c20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

kernel32

GlobalAddAtomA
FindClose
FreeLibrary
ExitProcess
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
EnumResourceNamesW
LoadLibraryExW
QueryPerformanceCounter
Sleep
GetLongPathNameA
GetTickCount
InterlockedExchange
InterlockedCompareExchange
GetProcAddress

comdlg32

ChooseFontA
GetOpenFileNameA

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 88KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ