288a7720b4d0b8bd92a8f666b1db9df0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

288a7720b4d0b8bd92a8f666b1db9df0_JaffaCakes118
Size

47KB
MD5

288a7720b4d0b8bd92a8f666b1db9df0
SHA1

e9f03c9c271b05f89bf6b491690178d48ebda04d
SHA256

5431743ade2cd1eec4595a1ebfe52ed75c4e1bbafc3ea042667de70103426643
SHA512

4666fa7544525422f8336f146c63e92e8c16806f6b45caca07f7c633ce45f136eda2624692a2a815afb05340f6632590f0f4273ff4a9927386b4538dede8b98e
SSDEEP

768:Om3sWWrV3O6r8ErP97fJxoP4F3BF3INUF3G6noj3r/eK4YtQWS8:d3sW235r7fAP4RBRI+RG6or/eKEWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
288a7720b4d0b8bd92a8f666b1db9df0_JaffaCakes118

Files

288a7720b4d0b8bd92a8f666b1db9df0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9534fcd0f693009c88102eb0630b67fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

urlmon

HlinkNavigateString

Sections

CODE
Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE