26d109f0e20ea1c6161eccbbad91d81e_JaffaCakes118 | Triage

Sharing

General

Target

26d109f0e20ea1c6161eccbbad91d81e_JaffaCakes118
Size

114KB
MD5

26d109f0e20ea1c6161eccbbad91d81e
SHA1

a164bebdb909363cf8745dd8a0a3604b42bc1519
SHA256

41d93fbe18cf34096ec9bfba0ac22dac042dbbc14b23c459b76726ebc18f4bab
SHA512

adb7ee0895dcb07b198e32133993cc63168ae84bf4bf69792ddf37217e9b9ba14b4ff57a700a28aaea6ec0a2f4c66d910e409dd715e6b64772fe2ba52168c805
SSDEEP

1536:plphM9sS4dy+yXiGSvUyPY5aYgqiU1F0Q4Z2uSvYMuJcfBPVwA9QFN4Ai:jM9sxxyyvxg6MBDuSvZOmPVfSi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d109f0e20ea1c6161eccbbad91d81e_JaffaCakes118

Files

26d109f0e20ea1c6161eccbbad91d81e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a733a1b8a2ddf6a36416343efdf27b46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ole32

IsEqualGUID

urlmon

MkParseDisplayNameEx

shell32

SHGetSpecialFolderPathA

Sections

CODE
Size: 68KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE