10df0b4b12c9c11d1add1094ed09eb56_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10df0b4b12c9c11d1add1094ed09eb56_JaffaCakes118
Size

1.4MB
MD5

10df0b4b12c9c11d1add1094ed09eb56
SHA1

f479c3b898e528564f8149e99a94a38d17ac21af
SHA256

b124be5c22f59781d09e3a6edd947a589c6e535fafa062c5a0bacc5293bf2774
SHA512

7c86c9bfb26801ce1b6a30e15e6d41a7d6a5abcec753f0e7812619b839cc66452f6350c0e16cecdb76d372088036c8bdc11d2265ead99a2576334250bdede86c
SSDEEP

24576:l9dj9jqvmebfYvPv2fZ1/sdRqxWEBBK2ysOvrxcMdG:XdJWRbfO6/wWW6MbnrKMdG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10df0b4b12c9c11d1add1094ed09eb56_JaffaCakes118

Files

10df0b4b12c9c11d1add1094ed09eb56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aa32a9adfe3a40abfffb5300d06cc9a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Program Files (x86)\jikai\CavalryPlayer-无框版\Debug\CavalryPlayer.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetWindowTextLengthW

gdi32

GetBitmapDimensionEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW

advapi32

RegQueryValueW

shell32

DragAcceptFiles

comctl32

InitCommonControlsEx

shlwapi

PathRemoveExtensionW

oledlg

OleUIInsertObjectW

ole32

WriteClassStg

oleaut32

SystemTimeToVariantTime

gdiplus

GdipCloneImage

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile

Sections

.text
Size: 1.0MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE