088db643d061a9f05d92b4c164894a87_JaffaCakes118 | Triage

Sharing

General

Target

088db643d061a9f05d92b4c164894a87_JaffaCakes118
Size

184KB
MD5

088db643d061a9f05d92b4c164894a87
SHA1

992466740115ff4ff5442551aa3002bfee6722be
SHA256

2ed3c7d7b88d98aa16bae5176c64a8fabacb82f3eff78cb9a25239e954a99ebc
SHA512

8d21612926f22190f85b199dfa439b3ae2fd0c94a9fa8a9de2d1d1ce03785b428cdd0a6e815bed80a3d930324e51ea20b4e03e1d04a46d1afdf24e775fdaab6d
SSDEEP

3072:KVB3UORxq7RKl8IhuSlsQipl6+JLWBJUPIRZaGvn1UGbj6N/GDoOAzt90KwD2jcm:KnEO0gHhuSls/39JIa1En1j/6NQ4P8Tm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
088db643d061a9f05d92b4c164894a87_JaffaCakes118

Files

088db643d061a9f05d92b4c164894a87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d9aac887c75ce22214e510f6789ce285

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
StgCreateDocfile

comdlg32

ChooseFontA
GetOpenFileNameA

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

kernel32

GetCurrentProcess
GlobalAddAtomA
SetFilePointer
FlushFileBuffers
WriteFile
RtlUnwind
ExitProcess
GetSystemInfo
EnumResourceNamesW
VirtualProtect
SetEndOfFile
GetLongPathNameA
VirtualQuery
HeapAlloc
ReadFile
HeapFree
GetOEMCP
FindAtomW

Sections

.text
Size: 96KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ