0cd0dd1904638215157c36f24e06caa2_JaffaCakes118 | Triage

Sharing

General

Target

0cd0dd1904638215157c36f24e06caa2_JaffaCakes118
Size

184KB
MD5

0cd0dd1904638215157c36f24e06caa2
SHA1

b102caa6a7a53d2da8f62dde8b1ee980a875d8f8
SHA256

44fb2a75f5289d706f6e37b0822d3f8d57ef3564867c9b95c2a4851d239b6930
SHA512

b5ecb30e8fb3fcfea23babcadd022af043e8b2af38f671a5b446b50e4301eed22a3433c43e1ca55d581f1f2e35ee40a32f96c9e06d1a1c09992bda84f1a32d3f
SSDEEP

3072:ily9pu6qS5y+H0S2ql9PqbmmTOCkvibJgZt56p79I7E+zg07lFc80tIMfqMp4s4H:iA9p+S5dUfqf+NTOCkpn5o79cg0pFc5J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd0dd1904638215157c36f24e06caa2_JaffaCakes118

Files

0cd0dd1904638215157c36f24e06caa2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6afe205e523a4552e1f1d5d2ef58ee19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GlobalAddAtomA
VirtualProtect
VirtualQuery
WriteFile
HeapFree
ReadFile
GetCurrentProcess
EnumResourceNamesW
GetOEMCP
HeapAlloc
GetVolumeInformationA
SetEndOfFile
SetFilePointer
RtlUnwind
FlushFileBuffers
GetSystemInfo
FindAtomW

comdlg32

ChooseFontA
GetOpenFileNameA

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 93KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ