Sample: documenty.exe
Resource: win7-20240419-en
General
  Target: 2964f0bcd002ec3cb76a413203603ff7_JaffaCakes118
  Size: 49KB
  MD5: 2964f0bcd002ec3cb76a413203603ff7
  SHA1: 66c4c92151a204acda850554ed19ee8f160501da
  SHA256: 0415903698d96b3bb1dee99f5e9129f568f2bc78d4d4de3e56f0b63d48a7c9b4
  SHA512: 6c1fb56597aaa3f8de4117aefeb66286ca92d197fda0b3a68db4474eb84f67d4c4bcf398ff1facf3db60390a606b944ffc14b8c49c96ade359b459478634db1e
  SSDEEP: 1536:BQ95yPInKtl1zVqUTRqj12s1fz+EfY0z+LC40Oq:hJBzQUFqJUEw06WOq
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: unpack001/documenty.exe
Files
  2964f0bcd002ec3cb76a413203603ff7_JaffaCakes118.rar
  documenty.exe.exe (windows:4, windows, x86, arch:x86)
    c36715ac4b8f344114dd97014f5af5fe
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  user32
    LoadMenuA
    GetFocus
    GetCapture
  kernel32
    GetVersion
    VirtualProtect
    VirtualFree
    VirtualAlloc
    GetModuleHandleA
    GetProcAddress
    LoadLibraryA
    lstrlenA
    lstrcatA
    lstrcmpA
  winmm
    timeGetDevCaps
    waveOutGetID
  comdlg32
    PrintDlgExW
  version
    VerFindFileA
  imagehlp
    EnumerateLoadedModules64
  oleacc
    AccessibleObjectFromEvent
  winspool.drv
    DeletePrinterDriverA
  ole32
    OleCreateLinkToFileEx
  comctl32
    ImageList_GetBkColor
  shell32
    CDefFolderMenu_Create2
Sections
  .text (Size: 75KB, Virtual size: 74KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata (Size: 1KB, Virtual size: 1KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data (Size: 4KB, Virtual size: 11KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc (Size: 23KB, Virtual size: 23KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ