16f7738e812861800f75427925c75ce9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16f7738e812861800f75427925c75ce9_JaffaCakes118
Size

90KB
MD5

16f7738e812861800f75427925c75ce9
SHA1

65a50795fd792aac05bf304d63b0155571c05337
SHA256

47c1b139a7dffc8c2151bb1f4f9ea000013b0611a6fc21a1ac6b869543b77551
SHA512

d7ec0f0912d98903773767f2656246ff4056b55a926d3321db7046f61b6707c5ba55b4b0931ade311a333c3708fcef8f44f89e17e77544617b1ab775733b1f82
SSDEEP

1536:I8YztT7My2kw/zceD9S2+CTZY0wQ8t3QQx40UNLYqYYxdXM4FWiiVdUciQ28BrKk:VYzZMFkw/zPD9SLuC0wQ8t3QQHtqYYxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f7738e812861800f75427925c75ce9_JaffaCakes118

Files

16f7738e812861800f75427925c75ce9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de6fdcdc7f4ad649a7529bf91b3c3b02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ws2_32

WSCInstallProvider

Sections

CODE
Size: 85KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE