66edf3736f90448f0730a20af40fadce_JaffaCakes118 | Triage

Sharing

General

Target

66edf3736f90448f0730a20af40fadce_JaffaCakes118
Size

528KB
MD5

66edf3736f90448f0730a20af40fadce
SHA1

fac8f26e922cddd18d76a3b47ef2a08e02544168
SHA256

45f73616e5d257d2424fe19c231bb3989ad47d75dc5d9f47324407bf29a54821
SHA512

4a02bb768b825c0203e5c4fd545f80122021e4ea3c99154529691a382b3703d98676039d0b38a75473561a89ba42fe0786e81a8f0428056891cbf1564c579485
SSDEEP

12288:dqUOEcaYRjbKLQKFys8z0J8WoVg2GSYtmifvNQl4lpimE9:pFpQKphDoO2GztmIm+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
66edf3736f90448f0730a20af40fadce_JaffaCakes118

Files

66edf3736f90448f0730a20af40fadce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

19cc86fbdce500e703d38d0daa3792f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
GetACP
lstrlenA
lstrcatA
lstrcat
GetConsoleAliasesA
CreateDirectoryA
GetCurrentThreadId

shell32

SHCreateStdEnumFmtEtc
AppCompat_RunDLLW
InternalExtractIconListA

winspool.drv

DevQueryPrint
AddPrinterDriverA

imagehlp

ImageLoad
MakeSureDirectoryPathExists
MapDebugInformation
SymRegisterCallback

version

VerQueryValueW
VerQueryValueA

gdi32

GetDCOrgEx
SetBitmapBits
OffsetRgn
ResetDCW
CreateRectRgnIndirect

Sections

.text
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE