09e47ef442006b3c65433d2a567ab258_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09e47ef442006b3c65433d2a567ab258_JaffaCakes118
Size

318KB
MD5

09e47ef442006b3c65433d2a567ab258
SHA1

41034b85eee88b845e252b53fa0c7500dde01ee6
SHA256

91a4f72742e128ddc2d71fd927b5541b1e8ee1a0101ae97563f37fdbaf225275
SHA512

f904ec2c6988d9bcc14257b8e07278bcf73cdaed7a57cdfa657e59426cb8d12794a9821ff85912a33d30dd375ed21e19d7633794cdc93ac8f1a5c39512b4862b
SSDEEP

6144:BgzmYimL/siTFf2l3/w/ac8olqbLyy9AwfgOw2qK/r+c+wDy7KUmRIDfb2V:BgiYPjJWv2vlqbmyLvOKz+iDy73mRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09e47ef442006b3c65433d2a567ab258_JaffaCakes118

Files

09e47ef442006b3c65433d2a567ab258_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4344f574bc4102841836be883b2d7777

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

comdlg32

ChooseColorA

updsystem

ShowUpdateDialog

Sections

XtreaM
Size: 254KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE