f997e5389d36519247f9fb9a34922c62_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f997e5389d36519247f9fb9a34922c62_JaffaCakes118
Size

252KB
MD5

f997e5389d36519247f9fb9a34922c62
SHA1

e92e2e3e3d9e059f752a39e7a344555668d28776
SHA256

902db21cfdc31e3141d55a0dec5bc1e6c0055b016fb46eb88459d538f1befd15
SHA512

c25f4476e92bb73e651dc66dfb853ba772ea13b474efc3c1045a5d4bafbe21dad04358072c684d283b7b875e7748e0de80f322f6f66369714ee953e4b990d9c5
SSDEEP

6144:y2Ir4MJ6a7yULQxeJinwu5K7j7xH474knTB73:y2IcMAa7DRm5KruvN7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f997e5389d36519247f9fb9a34922c62_JaffaCakes118

Files

f997e5389d36519247f9fb9a34922c62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

912aceb9f54f6c3010bc14cea5fd8fc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

OleDraw

comctl32

ImageList_Add

wininet

InternetOpenA

wsock32

WSACleanup

Sections

.text
Size: 243KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4gmhFpo0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ