f527b32236640ef1596231df77712586_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f527b32236640ef1596231df77712586_JaffaCakes118
Size

182KB
MD5

f527b32236640ef1596231df77712586
SHA1

24426b3ade9975df81068c0d75c99a648f290de5
SHA256

fcf9d7a0d979326cb321b1994997577ee7849ce41914a325f7802996e93bb837
SHA512

4cb309755444ff9250eb6010fda4a99b82b713b592c57548c44331516a960846aaa146b0227391bb22e016b9cba0741fd0bb30d207ad09175328ccc6efedadce
SSDEEP

3072:liEwKb2fQFu/CENeGFTSurJHiA2/3o7v0i0lj8x7uO9uugZZavInIaufw8yDRQmE:lWQu/BNukxzmjw7r2ZZ7PUMtU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f527b32236640ef1596231df77712586_JaffaCakes118

Files

f527b32236640ef1596231df77712586_JaffaCakes118
.exe windows:4 windows x86 arch:x86

571f4507fe428d92acf890d10bc2b154

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
CharLowerA

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
GetEnvironmentStringsW

ws2_32

shutdown

shell32

SHGetFolderPathA

advapi32

RegQueryValueExA

wininet

InternetReadFile

version

VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE