292ffb9ffe0f7bebf6b6b723fc5f6f67_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

292ffb9ffe0f7bebf6b6b723fc5f6f67_JaffaCakes118
Size

190KB
MD5

292ffb9ffe0f7bebf6b6b723fc5f6f67
SHA1

b9a128272f8f15fc395d3fdcf05ba0f56ca73515
SHA256

e1e1f07671a95de218809aa087aca02775eb367de3d0945d8b3e22a0931ad1c2
SHA512

f915ed922c4189c254067a751582ac409c6965437e06b3b25634a1d09012b03be27846b03213901fdbe500aec0ae085d97933fe1378ddec5a49571a6c9dc8642
SSDEEP

3072:9F1lN81d+Z7K11+nIInT7+X17bikixPZtNAx4QveKD2uGbQ5USL0n:71f8KA+zTyALxPZzU44eKD2LQGu0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292ffb9ffe0f7bebf6b6b723fc5f6f67_JaffaCakes118

Files

292ffb9ffe0f7bebf6b6b723fc5f6f67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb4db113c5a56ee94f8df37f9c6ae56e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

urlmon

URLDownloadToFileA

shell32

ShellExecuteA

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 175KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE