2de539c56b85e110384b267a62dc53f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2de539c56b85e110384b267a62dc53f7_JaffaCakes118
Size

151KB
MD5

2de539c56b85e110384b267a62dc53f7
SHA1

eb2e799ada6d592d06686a3f228e4b5c041303ae
SHA256

4e1f198b11a19705d77d8797fc6f2a5c11667939c519f819f4750cdc18f54a84
SHA512

8c955ccda024a7c886b645a30c4f92047f554d32ab6734aefd7859e6b6b29d9ddc2de857884a2e89caa85b5a0b3e2d690327b5b781fc0c0f746f07039ca47200
SSDEEP

3072:5Myy74vrAn4dIDl+QERO5Nr6uDV2UwsSGdGCDgBhJUnNzVTi2uKx:yyy4A9kQESNrYrsS+GCDzVThuK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de539c56b85e110384b267a62dc53f7_JaffaCakes118

Files

2de539c56b85e110384b267a62dc53f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28bdadcaeb70aa6512aa28dc43d4dbbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileA

shell32

ShellExecuteA

Sections

.text
Size: 141KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE