Sample: 1a085f208f774fd1c69399f35382fb7f_JaffaCakes118.exe
Resource: win7-20240611-en

General
Target: 1a085f208f774fd1c69399f35382fb7f_JaffaCakes118
Size: 277KB
MD5: 1a085f208f774fd1c69399f35382fb7f
SHA1: 1da64ec0b0fe06d0edf35210899145a8f8b4f315
SHA256: d41be8bba3e93a3c7aacb734809c2c2987a088e69ff962bed4de3620d3bdf8d9
SHA512: 593e57ed150644c1665fdf85cddf4c05ec7deedcdb82cabbed68966ddea00e86024ceb772d914c558b15ed680cb7768fc47aa7819adb52bce3b68f283a069a0b
SSDEEP: 6144:TSTy9S7XuUMNpzU55eBQQZjjRInwzpiBQAjn6eb9/3CRDbP:TtS7epzDBdJgwzpiHj6etyJbP
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 1a085f208f774fd1c69399f35382fb7f_JaffaCakes118
Files
1a085f208f774fd1c69399f35382fb7f_JaffaCakes118.exe windows:4 windows x86 arch:x86
43773a632cd3fb695fbb7e367e2d65a8
Headers
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  GlobalAddAtomW
  HeapFree
  GetCurrentProcess
  VirtualQuery
  SetFilePointer
  ReadFile
  ExitProcess
  VirtualProtect
  SetEndOfFile
  EnumResourceNamesW
  WriteFile
  GetStringTypeExW
  HeapAlloc
  FlushFileBuffers
  GetOEMCP
  GetSystemInfo
  RtlUnwind
  FindAtomW
setupapi:
  CM_Get_Depth
  SetupDiGetDeviceRegistryPropertyW
  CMP_WaitNoPendingInstallEvents
  CM_Get_DevNode_Status
gdiplus:
  GdipCreateBitmapFromStream
  GdipBitmapUnlockBits
  GdipGetImageWidth
winspool.drv:
  ClosePrinter
  OpenPrinterW
  DocumentPropertiesW
oleacc:
  CreateStdAccessibleObject
  LresultFromObject
shlwapi:
  PathFindExtensionW
  PathFindFileNameW
Sections
.text (Size: 142KB, Virtual size: 278KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata (Size: 1KB, Virtual size: 1KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data (Size: 131KB, Virtual size: 131KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc (Size: 1024B, Virtual size: 4KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ