17cf4d5464d90335c415f43cc5a11ba2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17cf4d5464d90335c415f43cc5a11ba2_JaffaCakes118
Size

407KB
MD5

17cf4d5464d90335c415f43cc5a11ba2
SHA1

3a8a2195a7ab26cee56bebb829b066eef9915491
SHA256

5a4ffceb6c0ce296548be867d1fcf74adb4592a32a19c20dadc36e30debfb734
SHA512

e891e34a40fe4318163ea357989b7eb79eddf66300c73b9071a535d9db3b3345e2e37722aa7246ec2598fbd0a2a7371ee46509d63114fdd11990ed40df21f44a
SSDEEP

12288:7cEOpk6OmkjM7NlhXttB5T8xcIRzZDRnWF3Su:7clpk6OfjMxdtP8OIRt1ny3S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17cf4d5464d90335c415f43cc5a11ba2_JaffaCakes118

Files

17cf4d5464d90335c415f43cc5a11ba2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

42982be542dea05da469d70044b57f6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

LoadStringW

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CreateStreamOnHGlobal

comctl32

InitializeFlatSB

shell32

SHGetFileInfoA

winspool.drv

OpenPrinterW

Sections

.text
Size: 349KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE