28d4889ba6c2ef02c7e2cc42eb258e29_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28d4889ba6c2ef02c7e2cc42eb258e29_JaffaCakes118
Size

191KB
MD5

28d4889ba6c2ef02c7e2cc42eb258e29
SHA1

638fa36484d6defd80a83ebd6a2451d3c6311ec5
SHA256

aa5fa712694775ce9017dd186ce46fc20a8de4cee60f0204350f9c259c3526a4
SHA512

86db14b5b9fb64a3f3c5edf47c672b72767d8dead515d700cc4dd8ce64beee56a4ac51203c875746f917e1b30e6f5da68c70135d4845e6517996fa6bf2cf9894
SSDEEP

3072:Nczij9cKo5FxqcDdoKHk25pPClCi5bYgHfCrZSX2j7oB/FzY4V79uPOh/sAd+CjO:NcagxtxoKHV5ObYeCrZSMEB/FzY4CPqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d4889ba6c2ef02c7e2cc42eb258e29_JaffaCakes118

Files

28d4889ba6c2ef02c7e2cc42eb258e29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8f203025326575269278983e01165a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

urlmon

URLDownloadToFileA

comctl32

ImageList_SetIconSize

netapi32

Netbios

Sections

CODE
Size: 179KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE