171f2299c0ca151caa6c79e467cf0678_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

171f2299c0ca151caa6c79e467cf0678_JaffaCakes118
Size

170KB
MD5

171f2299c0ca151caa6c79e467cf0678
SHA1

ce8fbd4b58d20b92d80011eb34216fd83de938e4
SHA256

0ffabcffec3e487c0492e08242ee01eb86dddd9cc4a474848e641d91a9c3668e
SHA512

e7d302ce686a6862ce79d19ebaa9db6e3cbb85843c0ef98412741bbfe224937e5b95fa1ef26805a1beb896373dac3b0f2d3890bea3b039372716bb21f75ba899
SSDEEP

3072:aQH849TwscIfVlC9k5S21R8qZsR3ej4bjXM50NW/JvSeG05x:BF9TYk49k0AY5jXrW/If0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
171f2299c0ca151caa6c79e467cf0678_JaffaCakes118

Files

171f2299c0ca151caa6c79e467cf0678_JaffaCakes118
.exe windows:4 windows x86 arch:x86

afd5fc85077443e51de669f58eea0428

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

RtlUnwind
GlobalAddAtomA
ReadFile
GetCurrentProcess
VirtualProtect
GetSystemInfo
VirtualQuery
WriteFile
ExitProcess
EnumResourceNamesW
SetEndOfFile
SetFilePointer
HeapFree
GetVolumeInformationA
FlushFileBuffers
HeapAlloc
GetOEMCP
FindAtomW

comdlg32

ChooseFontA
GetOpenFileNameA

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

Sections

.text
Size: 92KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ