07e2680116ba64a01eff684eba1521d3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07e2680116ba64a01eff684eba1521d3_JaffaCakes118
Size

182KB
MD5

07e2680116ba64a01eff684eba1521d3
SHA1

26127eeeac53db718771caf108a63f879158d157
SHA256

73a5ce93adc00496da5f1361b3ae5aaf44e78b352b9f5c4ed3d58d3f72616776
SHA512

59d78912ae31f9b7bec025fe969950cd53308187ad75b6da9a385c9e7f64b981422009aa6b10e6687a8549898fefa60aa62e3e39b845b2af3cbe1bfc97a2e56a
SSDEEP

3072:e57kEzkv63/F95v6qSrduzuVg39/7WmE9SWOLc+CpIzY+AM79kaTS2E8RQlORg2n:e5IS/d95ArdeuVgNTVE9SWACpEdA7yS4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07e2680116ba64a01eff684eba1521d3_JaffaCakes118

Files

07e2680116ba64a01eff684eba1521d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8148ead3bd882159590080b508fb435

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegCloseKey

wsock32

WSACleanup

comctl32

ImageList_Add

gdi32

BitBlt

user32

ActivateKeyboardLayout

ole32

CoCreateGuid

oleaut32

SafeArrayCreate

Sections

.text
Size: 175KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE