Static task: static1
Behavioral task: behavioral1
Sample: 0fcbb8ce42783153e137f02eb35f3f45_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 0fcbb8ce42783153e137f02eb35f3f45_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 0fcbb8ce42783153e137f02eb35f3f45_JaffaCakes118
Size: 209KB
MD5: 0fcbb8ce42783153e137f02eb35f3f45
SHA1: b190874c222b22a73d82df3f5a2e171f80a840a9
SHA256: 492d9d2fd3fa81947de92119fb52047b2476ff9fdc0b2896e5ef6fcf0106e3ed
SHA512: c225152dd8aad07349509213debfee4648c98422141369eda3127014b9e058efe0e4bf84cce1d63f61a3a01adce9cb7015025685e8bedda9825d30af9c9518a7
SSDEEP: 3072:gD1jrGPRGuj28c0+pmYV/xF35KoyN1Tm3VTq/ZoW0epHBH36OGWPFz:gJjrgRXd+pvVJF3JG2q/EcHBX6ryF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fcbb8ce42783153e137f02eb35f3f45_JaffaCakes118
Files
0fcbb8ce42783153e137f02eb35f3f45_JaffaCakes118.exe windows:5 windows x86 arch:x86
f885e1eca8da334e5887bc2664e214e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
winmm
PlaySoundW
hookpr
?StartInject@@YAIPAUHWND__@@0@Z
user32
SetRect
gdi32
ExtSelectClipRgn
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
advapi32
RegDeleteKeyW
shell32
Shell_NotifyIconW
comctl32
InitCommonControlsEx
shlwapi
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTaskMemFree
oleaut32
SysAllocString
wsock32
htonl
psapi
GetModuleBaseNameW
Sections
.text Size: 195KB - Virtual size: 640KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE