f8ece0c751b81908173c3ec86d08cab9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8ece0c751b81908173c3ec86d08cab9_JaffaCakes118
Size

116KB
MD5

f8ece0c751b81908173c3ec86d08cab9
SHA1

7e8fbc1844e2fa25b3ea0f78d95248d1d38f4a85
SHA256

d7e772bd301f06f04f228fb85cbca8012cf5ca00fafb1759ed0b6809ca17ea6e
SHA512

d71e2d9dafab57fbf317c4116bca5883834ad3c280e0ca66cf39348594c689dee5c9dd2348cfc70507af0c1b88341f4eab3c91fab6ac2b8740de4487c700783d
SSDEEP

3072:y173GBEXRqcB3ql/UVBSAkkvfiuSOoPO+n2R:y173UxcBg/UvSAk4E7PO+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8ece0c751b81908173c3ec86d08cab9_JaffaCakes118

Files

f8ece0c751b81908173c3ec86d08cab9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

48ddfe28d93e1e4f4f0ecee5b2b5962e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringW
MessageBoxW
LoadIconW
PostMessageW

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetUserModalsGet

ole32

CoUninitialize
CoInitialize

crypt32

CryptMsgGetParam
CertEnumSystemStoreLocation
CryptMsgClose

kernel32

GetTickCount
CancelWaitableTimer
GetCommandLineW
GetModuleHandleA
GetCurrentThreadId
InterlockedExchange
ProcessIdToSessionId
GetLastError
ExitProcess
CloseHandle
LocalFree
LocalAlloc
GetCurrentProcessId
GetCurrentThread
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
QueryPerformanceCounter
TerminateProcess
GetStartupInfoA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ