eec53049ea776e7110f52d3022a32af4_JaffaCakes118 | Triage

Sharing

General

Target

eec53049ea776e7110f52d3022a32af4_JaffaCakes118
Size

251KB
MD5

eec53049ea776e7110f52d3022a32af4
SHA1

bf2f55ae94eee0b44957e07406e719f4337778c6
SHA256

6cbb653a59a6331889e25db12e52502526f32f85bb49a38bf69dd7f507e66212
SHA512

38a8b1c722c7c6ddb8476c27cac8a59b09f55cf689fa02132b5f3afbf7c4355056d8702385347857b74b348ce096f11942757279ec208d81a07ccc242b109a2f
SSDEEP

6144:7WEc4VrT48FPV1Avvt+j+P2xIe9jsLexZPkLDAr+:7WirT4yPV1Avvt+6KjsLeTcLC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
eec53049ea776e7110f52d3022a32af4_JaffaCakes118

Files

eec53049ea776e7110f52d3022a32af4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a2839a0e2161689c5dfcc78661aa29e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

kernel32

CopyFileExA
HeapFree
HeapAlloc
lstrcmpi
GetProcessHeap
RtlUnwind
HeapValidate
IsBadReadPtr
RaiseException
ExitProcess
VirtualProtect
VirtualAlloc

oleaut32

DispGetIDsOfNames
DispGetIDsOfNames
VarUI1FromDec
CreateErrorInfo
SafeArrayAllocDescriptorEx
GetActiveObject
VariantInit
SysFreeString

Sections

.text
Size: 158KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ