02c36e7688f495d467ba6e304890e659_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02c36e7688f495d467ba6e304890e659_JaffaCakes118
Size

263KB
MD5

02c36e7688f495d467ba6e304890e659
SHA1

b90e319cfe0e62b65b9234d6281bd0b9b55dd29b
SHA256

2c50cb1a4fb3fd84af93cc599ea20a367448f32d0fe6a68034ca286dddcc7a8b
SHA512

be631388963cd252301311b24ae384f3ef7ead652904b2226fb402cb84422822443954421b2a3683c850c57570e7df6e5425cdb55c30c782a1effce1b44cbda0
SSDEEP

6144:VLPcdvDeED7jRrXjUv0Q3JlI07bC6fx6kyMMb5T:VzccEDvRUR34I6+Mt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02c36e7688f495d467ba6e304890e659_JaffaCakes118

Files

02c36e7688f495d467ba6e304890e659_JaffaCakes118
.exe windows:4 windows x86 arch:x86

415fc83ce79ad04592377d3da0901a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

OleDraw

comctl32

ImageList_Add

winspool.drv

OpenPrinterA

comdlg32

ChooseFontA

gdiplus

GdipFree

Sections

.MPRESS1
Size: 244KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE