f477b9a5d3a5c2b3bdf88166ee92c5a8_JaffaCakes118 | Triage

Sharing

General

Target

f477b9a5d3a5c2b3bdf88166ee92c5a8_JaffaCakes118
Size

278KB
MD5

f477b9a5d3a5c2b3bdf88166ee92c5a8
SHA1

6aae5c5dfd07421734e443e4a85e1b0ed0c021d0
SHA256

20c0eeec0a5528630dcfd0d8fa0c2b4d5758db6084c6e2ac21278a0860ffec54
SHA512

c24b8bab5d9da9f5df549a06d9b18a32aeb58fc785f3aac27a3a97f8707bd15d5458e358dc2459079f4a2ebd17e2e37bd34d64699a9cfaed6b974fb6bd572136
SSDEEP

6144:OhscNlQZU3xpNqntnbnMtOtd+RL5NPeiiTx:MsgUQZApMtcd+R95l4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f477b9a5d3a5c2b3bdf88166ee92c5a8_JaffaCakes118

Files

f477b9a5d3a5c2b3bdf88166ee92c5a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13cecbec7ddc14ef54a6d67f3dad5156

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
RtlUnwind
FlushFileBuffers
WriteFile
GetSystemInfo
SetEndOfFile
HeapAlloc
ExitProcess
EnumResourceNamesW
ReadFile
VirtualQuery
GetLongPathNameA
GetCurrentProcess
GetOEMCP
SetFilePointer
VirtualProtect
HeapFree
FindAtomW

ole32

CoCreateInstance
CoTaskMemFree
CLSIDFromString
StgCreateDocfile

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comdlg32

ChooseFontA
GetOpenFileNameA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 146KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ