224e0c5a6e94688d7210f23d63f820a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

224e0c5a6e94688d7210f23d63f820a4_JaffaCakes118
Size

216KB
MD5

224e0c5a6e94688d7210f23d63f820a4
SHA1

f5e36e0b976c0df4a190af50e19a7bdd21676580
SHA256

d3d026f833f38db4e9c43dd3b7371c3826e39d16ed6c0dfd69301584c6ac4783
SHA512

82ca15f6edd91b40cedb65eed762fe47ec374a7e429f320763ccf9bd59a5e436fe3ed8678ba39ce870181744c61d626081bf7dd747d53510d3d9e768dc75f3f2
SSDEEP

6144:vCmm5cj/3bzB/6b/ncBTSIYJHOxS5RuvsN3vC5V64Gd7:vLycjfp/IncBT7YJvuv63vC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
224e0c5a6e94688d7210f23d63f820a4_JaffaCakes118

Files

224e0c5a6e94688d7210f23d63f820a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

92c924c24df0e35b6e1181ef84120afd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

kgvb|fptrn.pdb

Imports

advapi32

RegOverridePredefKey

shlwapi

SHQueryValueExW

setupapi

SetupDiCreateDeviceInfoList

msvcrt

tolower

avifil32

AVIStreamStart

kernel32

CloseHandle
GetModuleHandleA
GetSystemTimeAdjustment
GetProcAddress
GetModuleHandleW
InterlockedPopEntrySList

ole32

HGLOBAL_UserMarshal
HPALETTE_UserUnmarshal

winmm

midiOutGetDevCapsW

Exports

Exports

FGNyBdVDhh6rbj45

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ