fb2563c88f94931ef36e9405de50b44f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb2563c88f94931ef36e9405de50b44f_JaffaCakes118
Size

4.6MB
MD5

fb2563c88f94931ef36e9405de50b44f
SHA1

1489debb29172007d4a821686f4021724513d5c9
SHA256

022e3028b23109b67f5659a2927f91280352e75fd38f464f140fa22df13ae2b7
SHA512

053bf84aab67d0b933e8e0e51b4d2eb8bbc66285c187b856c1f013592983ab4180287c331790cbbc23a71a24e12bbe3dd64e51f0cdf75bd09e6eb82e12a29664
SSDEEP

98304:SwbyfJSepDyVXNKYNXbQTtFiE344DZAuTtY9fJMCW0pkK0Nf7I/06KO:7OQepGVcUETtd344DjGfJzJx2VO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb2563c88f94931ef36e9405de50b44f_JaffaCakes118

Files

fb2563c88f94931ef36e9405de50b44f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b6d7c5f633ddde88af37070f1b8ec1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

mpr

WNetGetConnectionA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetGetConnectedState

comdlg32

GetOpenFileNameA

wsock32

WSACleanup

msvcrt

free

Sections

CODE
Size: 4.1MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE