35ff9d9d808b385ced6beee556df9d3a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35ff9d9d808b385ced6beee556df9d3a_JaffaCakes118
Size

196KB
MD5

35ff9d9d808b385ced6beee556df9d3a
SHA1

f97870c0b06a0d96f837800e10c8a8472a6f721a
SHA256

9f3cca63365e646140eacac2144c90bf48555e3e254dca8b4cc833d83ba911b8
SHA512

51736b476ed73a3a88afaaf52aba969ab9514b64889d87c643b33680b460ddcfb5311f00eb66e6546769d257a49b688dae579ec8a05e73e40ce704db0b73b662
SSDEEP

1536:FzTlGlalyIa6x6Drpgtbd4fNKUQSt4MVaXSVyitx7T9uG:Fs8lyIpx6Dr+tbd4FKgp3VRPT9uG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35ff9d9d808b385ced6beee556df9d3a_JaffaCakes118

Files

35ff9d9d808b385ced6beee556df9d3a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

26353d151d5b338829192eea15bd1b88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

ole32

STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage

winspool.drv

GetPrinterDataExW

setupapi

SetupDiGetDeviceInstanceIdW

lz32

LZSeek

oleaut32

VarUI4FromUI8

shlwapi

SHSetValueW
SHCopyKeyW
StrCpyNW

kernel32

GetNumberFormatA
FlsFree
FlsGetValue
LocalHandle
GetComputerNameExW
CreateWaitableTimerW
FindFirstVolumeW
FindVolumeMountPointClose

crypt32

CertOpenSystemStoreA
CertGetCertificateChain

advapi32

GetUserNameA

winscard

SCardDisconnect
SCardForgetCardTypeW

wintrust

WintrustRemoveActionID

user32

GetAncestor

powrprof

SetActivePwrScheme

winmm

waveOutGetErrorTextW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ