edc275bb861564012ac33373dc17dec3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

edc275bb861564012ac33373dc17dec3_JaffaCakes118
Size

507KB
MD5

edc275bb861564012ac33373dc17dec3
SHA1

53127bc810f0f53ed25da2caca6eb29141671299
SHA256

a64feb6db1c6844086ec919be0df89cc3718becabaf47e2536d3a0f282c89eb2
SHA512

37e875b6578eb9d678eb3e31436c97b00f787e01f816f4a22e1e9b7e9ee651ccd81ee200ea7ea80234fb112c271259b69ba17dbaf92e61e440507c7c9c3d7c1e
SSDEEP

12288:CfOKRHEEeWM2s+YJkbWmkYKCVAIV9u2L2O+aTC7+9:sOTE31+kDu2LFoy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edc275bb861564012ac33373dc17dec3_JaffaCakes118

Files

edc275bb861564012ac33373dc17dec3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f009da641b805565dc164221aefb2b68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterClipboardFormatA

gdi32

ExtSelectClipRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

SHGetSpecialFolderLocation

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal

oleaut32

VariantCopy

wininet

InternetGetConnectedState

wsock32

closesocket

Sections

.text
Size: 495KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE