0ed889f20e802369ae56c7b55a9be220_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ed889f20e802369ae56c7b55a9be220_JaffaCakes118
Size

654KB
MD5

0ed889f20e802369ae56c7b55a9be220
SHA1

9e1fb076a1c77b5725de87df28942eadc0682f52
SHA256

a24c797074bf1edd9607450e917ce6af9087d2880743e958b9adbd883d91bb2c
SHA512

2ced645c21fe8e575aabb19a1f2220ee8c85bffd503ae7096cc79d13df1aab83f1bbd886fbba4ef5e0c05363542422854354600ba6c1cde1b3e60e5c4d3e3610
SSDEEP

12288:UhebId1HFKHi03zPm859Xo2X1OYgpUzrS7Uay40H5whrrVhHdeTz:6e0d1l237m8j42X1OYPfS78VH54r5Hev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ed889f20e802369ae56c7b55a9be220_JaffaCakes118

Files

0ed889f20e802369ae56c7b55a9be220_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d0170ad5c7399a507e73a55e811a16b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemAlloc

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteA

comdlg32

PageSetupDlgA

Sections

CODE
Size: 632KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE